In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via.
This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion.ĭirectory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. Cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php.
0 kommentar(er)
