66 matches found
CVE-2025-13879 Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which they have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'. For...
PT-2025-48667
Name of the Vulnerable Software and Affected Versions: SOLIDserver IPAM version 8.2.3 Description: A directory traversal issue exists in SOLIDserver IPAM version 8.2.3. An authenticated user with administrator privileges can list directories beyond their authorized access. This is possible by...
EUVD-2025-198992
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...
EUVD-2007-6104
Malware in sbrugna...
EUVD-2018-17776
Malware in sbrugna...
Symlink Attack
Overview: Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory. PoC: const tmp =...
CVE-2024-21516
This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...
PT-2024-12646 · Automatic Systems · Soc Fl9600 Fastline Lego T04E00
Name of the Vulnerable Software and Affected Versions: Automatic-Systems SOC FL9600 FastLine lego T04E00 affected versions not specified Description: The issue allows a remote attacker to obtain sensitive information via a directory traversal attack. This can be achieved by exploiting the...
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
Cross site scripting
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
Chengdu Flash Flood Disaster Monitoring and Warning System Path Traversal Vulnerability
Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system for Chengdu. A security vulnerability exists in Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0, which stems from an incorrect operation of the parameter...
CVE-2022-28863
An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...
UJCMS Information Disclosure Vulnerability
UJCMS is a Java open source content management system from UJCMS Open Source. UJCMS versions before 6.0.2 have an information disclosure vulnerability, which stems from incorrect handling of the dir parameter and leads to information leakage...
Surpass Path Traversal Vulnerability
Surpass is a PHP package developed primarily for Laravel by the individual developer Sukohi Kuhoh. It is used to manage uploading images and displaying thumbnails using Ajax. A path traversal vulnerability exists in Surpass versions prior to 1.0.0, which stems from unknown code in the file...
PT-2022-6051 · Hirschmann · Hirschmann Bat-C2
Name of the Vulnerable Software and Affected Versions: Hirschmann BAT-C2 versions prior to 09.13.01.00R04 Description: The issue is related to insufficient argument checking in the FsCreateDir Ajax function of the Hirschmann BAT-C2's web interface, allowing an authenticated attacker to inject...
Open Source Social Network Cross-Site Scripting Vulnerability
Open Source Social Network (OSSN) is an open source social network engine from the Swiss OSSN team. A cross-site scripting vulnerability exists in Open Source Social Network version v6.3 LTS, which originates from an attacker being able to cause HTML injection via a directory-specific location parameter...
CVE-2021-35967
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory through Path Traversal without logging in...
WUZHI CMS Path Traversal Vulnerability
WUZHI CMS is a high-performance open source content management system that supports the LNAMP architecture and is suitable for building portals, corporate websites and mobile sites, and for microblog promotion. A directory traversal vulnerability exists in WUZHI CMS 4.1.0 in coreframe/app/template/admin/index.php...
CentOS Web Panel Cross-Site Scripting Vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel. A cross-site scripting vulnerability exists in the 'fmcurrentdir' parameter of the filemanager2.php file in CWP version 0.9.8.846. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...
PT-2019-12689 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.747 Description: A cross-site scripting (XSS) issue was found in the CentOS Web Panel. The issue is related to the fm current dir or filename parameter in the testacc/fileManager2.php endpoint...