JFinalCMS 5.0.0 could allow a remote attacker to read files via.

Zoho ManageEngine ADAudit Plus before 7270 allows admin users to view names of arbitrary directories via path traversal.

This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.

An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI (from views.py), allows attackers to read arbitrary files.

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction.

To be vulnerable to the bypass, the application must use toolkit version URI (from views.py), allows attackers to write to arbitrary files.

An issue was discovered in the flaskcode package through 0.0.8 for Python.

`ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass.

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code.

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation.

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.

This occurs because the value of the gpg --use-embedded-filenames option is trusted.

ssh/id_rsa, may be disclosed to an attacker.

Diffoscope before 256 allows directory traversal via an embedded filename in a GPG file.