215553 matches found
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...
Gradio - Absolute Path Traversal
Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...
WebIQ 2.15.9 - Directory Traversal
The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. id: CVE-2024-8752 info: name: WebIQ 2.15.9 - Directory Traversal author: s4e-io severity: high description: | The Windows version of WebIQ 2.15.9 is...
Splunk Enterprise - Local File Inclusion
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. id: CVE-2024-36991 info: name: Splunk...
EasySpider 0.6.2 - Arbitrary File Read
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
Academy LMS 6.2 - Cross-Site Scripting
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...
ShokoServer System - Local File Inclusion (LFI)
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Qlik Sense Enterprise - Path Traversal
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
Apache OFBiz - Remote Code Execution
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45195 info: name: Apache OFBiz -...
Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...
Ivanti Avalanche 6.3.2 - Local File Inclusion
Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. id: CVE-2021-30497 info: name: Ivanti Avalanche 6.3.2 - Local File Inclusion author: gy741 severity: high description: Ivanti Avalanch...
LOLLMS WebUI - Absolute Path Traversal
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2026-57211
RabbitMQ on Windows with the management plugin is affected prior to versions 4.1.11 and 4.2.6. The static file handler rabbit_mgmt_wm_static can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled, enabling o...
FTP Fetch, Windows Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an FTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/ftp/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
FTP Fetch, Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an FTP server. Disable the Windows ICF, then listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/ftp/x86/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTION ms...
FTP Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/ftp/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
FTP Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...