
21015 matches found

OSV
added 2025/08/13 10:41 p.m. · 3 views

CVE-2025-55193 Active Record logging vulnerable to ANSI escape injection

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

CVSS 6.9 · AI score 7.2 · EPSS 0.00527
Exploits 0 · References 6
OSV
added 2025/08/13 10:32 p.m. · 4 views

GHSA-76R7-HHXJ-R776 Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193. Impact: The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. Releases: The fixed releases are available at the normal locations...

CVSS 5.3 · AI score 6.1 · EPSS 0.00527
Exploits 0 · References 7
Github Security Blog
added 2025/08/13 10:32 p.m. · 6 views

Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193. Impact: The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. Releases: The fixed releases are available at the normal locations...

CVSS 6.9 · AI score 6.1 · EPSS 0.00527
Exploits 0 · References 7 · Affected Software 1
NVD
added 2025/08/13 9:15 p.m. · 5 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · EPSS 0.01485
Exploits 0 · References 6
NVD
added 2025/08/13 9:15 p.m. · 4 views

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

CVSS 8.7 · EPSS 0.0156
Exploits 0 · References 5
Vulnrichment
added 2025/08/13 8:52 p.m. · 2 views

CVE-2011-10009 S40 CMS 0.4.2 Path Traversal

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

CVSS 8.7 · AI score 7.5 · EPSS 0.0156
Exploits 0 · References 5
Cvelist
added 2025/08/13 8:52 p.m. · 9 views

CVE-2011-10009 S40 CMS 0.4.2 Path Traversal

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

CVSS 8.7 · EPSS 0.0156
Exploits 0 · References 5
CVE
added 2025/08/13 8:52 p.m. · 27 views

CVE-2011-10009

Affected software: S40 CMS v0.4.2. Vulnerability: path traversal via the index.php page handler; the p parameter is not properly sanitized, enabling traversal of the file system and access to arbitrary files outside the web root. Impact: remote, unauthenticated exploitation leading to potential e...

CVSS 8.7 · AI score 7.5 · EPSS 0.0156
Exploits 0 · References 5
CVE
added 2025/08/13 8:51 p.m. · 17 views

CVE-2011-10010

The CVE-2011-10010 entry affects QuickShare File Server 1.2.1 and describes a path traversal flaw in the FTP service caused by improper sanitation of user-supplied file paths. Authenticated users can submit crafted sequences to access/write files outside the virtual directory, and when the Writab...

CVSS 9.4 · AI score 8.3 · EPSS 0.01485
Exploits 0 · References 6
Vulnrichment
added 2025/08/13 8:51 p.m. · 3 views

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · AI score 8.3 · EPSS 0.01485
Exploits 0 · References 6
Cvelist
added 2025/08/13 8:51 p.m. · 8 views

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · EPSS 0.01485
Exploits 0 · References 6
ATTACKERKB
added 2025/08/13 8:51 p.m. · 3 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVSS 9.4 · AI score 6.5 · EPSS 0.01485
Exploits 0 · References 5
Snyk
added 2025/08/13 5:47 p.m. · 2 views

Directory Traversal

Overview: nemo-toolkit is a NeMo - a toolkit for Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via the model loading process. An attacker can execute arbitrary code and tamper with data by supplying a .nemo file containing maliciously crafted metadata...

CVSS 9.8 · AI score 7.9 · EPSS 0.00993
Exploits 0 · References 2
GithubExploit
added 2025/08/13 11:5 a.m. · 446 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...

CVSS 8.8 · AI score 7.1 · EPSS 0.85778
Exploits 35
Snyk
added 2025/08/13 4:48 a.m. · 1 views

Directory Traversal

Overview: studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Directory Traversal via the onShutdown function in the elFinder.class.php file. An attacker can delete arbitrary files by sending crafted...

CVSS 8.7 · AI score 7.6 · EPSS 0.00697
Exploits 0 · References 2
CNNVD
added 2025/08/13 12:0 a.m. · 0 views

Rails security vulnerability

Rails is a set of open source web application frameworks based on the Ruby language from the US-based Rails team. A security vulnerability exists in versions prior to Rails 7.1.5.2, 7.2.2.2, and 8.0.2.1, which stems from the possibility that unescaped IDs may contain ANSI sequences, which could...

CVSS 6.9 · AI score 7.9 · EPSS 0.00527
Exploits 0 · References 5
Positive Technologies
added 2025/08/13 12:0 a.m. · 1 views

PT-2025-33099

Name of the Vulnerable Software and Affected Versions: Active Record versions prior to 7.1.5.2; Active Record versions prior to 7.2.2.2; Active Record versions prior to 8.0.2.1. Description: Active Record connects classes to relational database tables. The ID passed to find or similar methods may be...

CVSS 9.2 · AI score 8.9 · EPSS 0.02078
Exploits 0 · References 28
Positive Technologies
added 2025/08/13 12:0 a.m. · 9 views

PT-2025-33078 · S40 Cms · S40 Cms

Name of the Vulnerable Software and Affected Versions: S40 CMS version 0.4.2. Description: S40 CMS version 0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary fil...

CVSS 8.7 · AI score 6.6 · EPSS 0.0156
Exploits 0 · References 8
Positive Technologies
added 2025/08/13 12:0 a.m. · 5 views

PT-2025-33079 · Unknown · Quickshare File Server

Name of the Vulnerable Software and Affected Versions: QuickShare File Server version 1.2.1. Description: QuickShare File Server version 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this fla...

CVSS 9.4 · AI score 7.5 · EPSS 0.01485
Exploits 0 · References 9
RubySec
added 2025/08/13 12:0 a.m. · 8 views

Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193. Impact: The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal, it may include unescaped ANSI sequences. Releases: The fixed releases are available at the normal locations...

CVSS 6.9 · AI score 7.2 · EPSS 0.00527
Exploits 0 · References 1 · Affected Software 1