2855 matches found
CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system file...
ESET Inspect Connector security vulnerabilities
ESET Inspect Connector is a lightweight terminal agent component developed by ESET Singapore. There is a security vulnerability in ESET Inspect Connector, which stems from the possibility of loading malicious DLLs due to the embedding of custom configuration files...
CVE-2020-37015
The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...
CVE-2020-37015
CVE-2020-37015 affects Ruijie Networks Switch eWeb S29_RGOS 11.4. The vulnerability is a directory traversal in the web interface where an unauthenticated user can manipulate the file path on the /download.do endpoint using ’../’ sequences to retrieve sensitive configuration files that may contai...
CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal
The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...
EUVD-2020-30919
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system...
Ruijie Switch eWeb S29_RGOS path traversal vulnerability
Ruijie Switch eWeb S29_RGOS is a web management interface system developed by the Chinese company Ruijie. Version 11.4 of Ruijie Switch eWeb S29_RGOS contains a path traversal vulnerability. This vulnerability stems from the /download.do endpoint, which allows for directory traversal, potential...
PT-2026-5289
Name of the Vulnerable Software and Affected Versions: Ruijie Networks Switch eWeb S29 RGOS version 11.4. Description: The software contains a directory traversal flaw that permits unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can...
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
File Read Interface Case Bypass Vulnerability. Vulnerability Name: File Read Interface Case Bypass. Vulnerability Overview: The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...
Intelbras Router RF 301K: Access control error vulnerability
The Intelbras Router RF 301K is a router produced by the Brazilian company Intelbras. Version 1.1.2 of the Intelbras Router RF 301K contains an access control vulnerability. This vulnerability stems from an authentication bypass mechanism, which may lead to the download of the router’s...
Exploit for Improper Input Validation in N8N
🛡️ RulesGuard !Testshttps://github.com/NOTTIBOY137/RulesG...
Malicious code in icloud-recovery (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3639028f2f9d36c20b55c655b1d71bc053827f4703e7954b12a4ec3da8edd8d2 On importing the module, the code exfiltrates text files, with the focus on configuration files --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2026-467 Malicious code in icloud-recovery (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3639028f2f9d36c20b55c655b1d71bc053827f4703e7954b12a4ec3da8edd8d2 On importing the module, the code exfiltrates text files, with the focus on configuration files --- Category: MALICIOUS - The campaign has clearly malicious...
CVE-2023-7335
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
CVE-2026-20092
CVE-2026-20092 affects Cisco Intersight Virtual Appliance. A read-only maintenance shell exposes a privilege-escalation path: improper file permissions on system-account configuration files allow an authenticated local admin to elevate to root, potentially gaining full control over the appliance ...
Astra Linux – Vulnerability in c-ares
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...
CasaOS <= 0.4.15 Information Disclosure Vulnerability - Version Check
CasaOS is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:icewhale:casaos"; if...
Exploit for Out-of-bounds Write in Mikrotik Routeros
Mikrotik Exploit Scan and Export RouterOS Password A security...
CVE-2021-22751
A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition...