20763 matches found
CVE-2026-33292
WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...
CVE-2026-33292
Summary (CVE-2026-33292) : WWBN AVideo is vulnerable prior to 26.0 due to a path traversal split-oracle in the HLS endpoint view/hls.php. The GET parameter videoDirectory is processed in two code paths: an authorization path that truncates after the first slash, and a file-access path that preser...
CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...
EUVD-2019-19961
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. An attacker can manipulate the path parameter with base64-encoded payloads containing ../ sequences to b...
CVE-2019-25610 NetNumber Titan Master 7.9.1 Path Traversal via drp
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
CVE-2019-25610 NetNumber Titan Master 7.9.1 Path Traversal via drp
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
WWBN AVideo 路径遍历漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the deleteDump parameter in the cloneServer.json.php file being passed directly to the unlink...
PT-2026-26998
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
EUVD-2019-19902
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and...
EUVD-2019-19900
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...
EUVD-2019-19896
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
fontvarlib.py — CVE-2025-66034 fontTools varLib — Arbi...
CVE-2019-25577
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...
CVE-2019-25579
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and...
CVE-2019-25574
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the themename parameter in the themeexporthandle action or supply base64-encoded file paths to...
eBPF-Guard
eBPF Guard eBPF-based Container Runtime Security Tool...
CVE-2019-25579
CVE-2019-25579 affects phpTransformer 2016.9. The vulnerability is a directory traversal in the jQueryFileUploadmaster endpoint: an unauthenticated attacker can manipulate the path parameter to access arbitrary files outside the intended directory by using traversal sequences (../../../../../../)...