14 matches found

Snyk
added 2026/04/10 7:30 p.m. (0 views)

Directory Traversal

Overview: @saltcorn/server is a Server app for Saltcorn, open-source no-code platform. Affected versions of this package are vulnerable to Directory Traversal via the POST /sync/offlinechanges and GET /sync/uploadfinished endpoints, which improperly handle user-supplied input in path construction. ...

CVSS 9.3 | AI score 6.3 | EPSS 0.00239
Exploits: 1 | References: 2
CVE
added 2026/03/26 9:14 p.m. (4 views)

CVE-2026-33669

SiYuan (personal knowledge management system) had a vulnerability prior to version 3.6.2 where document IDs could be retrieved via /api/file/readDir and then /api/block/getChildBlocks could be used to view content of all documents, effectively enabling arbitrary document reading within the Publis...

CVSS 9.8 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2024/07/01 12:0 a.m. (4 views)

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...

CVSS 6.1 | AI score 6 | EPSS 0.0032
Exploits: 1 | References: 3
Veracode
added 2022/04/06 2:7 p.m. (27 views)

Arbitrary File Disclosure Via Password Leakage

vrana/adminer is vulnerable to arbitrary file disclosure. The vulnerability exists because the user credential requests when connecting to the database are not properly validated which allows an attacker to send requests to establish a database connection and arbitrarily read files on the server...

CVSS 7.5 | AI score 3.2 | EPSS 0.84736
Exploits: 4 | References: 8 | Affected Software: 2
CNNVD
added 2021/07/13 12:0 a.m. (2 views)

Adobe Illustrator Resource Management Error Vulnerability

Adobe Illustrator 2021 is a vector drawing software. A security vulnerability exists in Adobe Illustrator 2021 25.2.3 and earlier versions when handling specially crafted files. An attacker can exploit the vulnerability to read arbitrary file systems...

CVSS 5.5 | AI score 5.8 | EPSS 0.00614
Exploits: 0 | References: 5
RedhatCVE
added 2020/04/08 5:28 a.m. (43 views)

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...

CVSS 9.8 | AI score 2.8 | EPSS 0.38066
Exploits: 6 | References: 3
Metasploit
added 2019/10/17 10:48 a.m. (296 views)

Android Binder Use-After-Free Exploit

This module exploits CVE-2019-2215, which is a use-after-free in Binder in the Android kernel. The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a browser renderer exploit, this bug could fully compromise a device throu...

CVSS 7.8 | AI score 7.4 | EPSS 0.51467
Exploits: 26
OSV
added 2019/04/26 5:29 p.m. (7 views)

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...

CVSS 9.8 | AI score 9.2
Exploits: 0 | References: 6
Debian CVE
added 2019/04/26 4:13 p.m. (41 views)

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...

CVSS 9.8 | AI score 10 | EPSS 0.38066
Exploits: 6
UbuntuCve
added 2019/03/20 12:0 a.m. (41 views)

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary...

CVSS 9.8 | AI score 7.2 | EPSS 0.38066
Exploits: 6 | References: 7
seebug.org
added 2017/09/26 12:0 a.m. (44 views)

Oracle Outside In Technology RTF Parsing Code Execution Vulnerability (CVE-2017-3293)

Summary: An exploitable Use After Free vulnerability exists in the RTF parser functionality of Oracle Outside In Technology SDK. A specially crafted RTF document can cause a reuse of a reference to the previously freed memory which can be manipulated into achieving arbitrary code execution. Tested...

CVSS 7.5 | AI score 9.7 | EPSS 0.01528
Exploits: 1
0day.today
added 2010/12/16 12:0 a.m. (22 views)

Google Urchin 5.7.03 LFI Vulnerability 0day

Exploit for cgi platform in category web applications. Summary: Google Urchin is vulnerable to a Local File Include (LFI) vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Analysis: During normal usage, Goog...

AI score 7.1
Exploits: 0
Packet Storm
added 2010/12/15 12:0 a.m. (21 views)

Google Urchin 5.7.03 Local File Inclusion

Summary: Google Urchin is vulnerable to a Local File Include (LFI) vulnerability that allows arbitrary reading of files. Confirmed in version 5.7.03 running on Linux. Issue may exist in other versions as well. Windows builds seemingly affected too. Analysis: During normal usage, Google Urchin creat...

AI score 7.4
Exploits: 0
Packet Storm
added 2005/03/22 12:0 a.m. (31 views)

Exploit Labs Security Advisory 2005.2

EXPL-A-2005-002 exploitlabs.com Advisory 031 - Samsung ADSL Modem. AFFECTED PRODUCTS: Samsung ADSL Modem, Samsung Electronics, http://www.samsung.com DETAI...

AI score 0.3
Exploits: 0