Only a few specific folder hierarchies can be exposed by this flaw. A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=./ Directory Traversal. A flaw was found in librepo in versions before 1.12.1. HWRResProvider allows path traversal for data exposure. ProcessMaker =8.14, =13.4, =13.5, is used, directory traversal validation can be bypassed. An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. ProcessMaker Local File inclusion Vulnerability. An arbitrary file download vulnerability exists in Modern POS due to improper validation of 'path' parameter in file download action. Modern POS Arbitrary File Download Vulnerability. The flaw exists due to insufficient validation of input passed via multiple parameters. A local file inclusion vulnerability exists in Samsung WLAN AP router due to an improper validation of user supplied input passed via HTTP GET request. Samsung WLAN AP Local File Inclusion Vulnerability. The flaw exists due to improper access restrictions imposed on the files. WordPress Ultimate Form Builder Plugins Information Disclosure Vulnerability. The flaw exists due to insufficient validation of input passed via 'path' parameter to 'admin.php' script. Wordpress Loco Translate Plugin LFI Vulnerability. The flaw exists as the configuration including passwords is downloadable without authentication. Lupusec XT2 Plus Main Panel Information Disclosure Vulnerability.
The flaw exists due to insufficient validation of input passed via 'page' parameter to 'admin-ajax.php' script. The flaw exists as the application allows any user to read files from the server without authentication. Form Maker Wordpress Plugin LFI Vulnerability. gSOAP is prone to a directory traversal vulnerability which allows an unauthorized attacker to read files or directories.