USN-8182-1: Rack vulnerabilities
Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...
CVE-2022-26973
The Barco Control Room Management Suite web application (TransForm N) prior to version 3.14 exposes a license file upload mechanism. The root cause is a flaw in handling the license file name, where manipulating the filename causes the application to return an error message that reveals internal ...
Tiny File Manager 2.4.6 Shell Upload
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...
CVE-2021-29022
In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory...
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches...
CVE-2016-9855
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
CVE-2016-9854
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...
CVE-2016-9852
An issue in phpMyAdmin (CVE-2016-9852) allows PHP errors revealing the full installation path to be produced when calling certain scripts, and during export time, those errors can be written into the export file. Affected are all 4.6.x versions prior to 4.6.5 and 4.4.x versions prior to 4.4.15.9....
Fedora 14 : java-1.6.0-openjdk-1.6.0.0-54.1.9.9.fc14 (2011-9523)
PR744: icedtea6-1.10.2 : patching error - PR748: Icedtea6 fails to build with Linux 3.0. - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
Fedora 15 : icedtea-web-1.0.4-1.fc15 (2011-9541)
This security fix addresses the following issues: - RH718164: Home directory path disclosure to untrusted applications - RH718170: Java Web Start security warning dialog manipulation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
[Full-disclosure] Uebimiau Webmail Multiple Vulnerabilities
Synopsis: Multiple Vulnerabilities Introduction: Uebimiau is an open source webmail interface. Details: Uebimiau doesn't correctly handle the $GET array in error.php. Many vulnerabilities have been already discovered, but I would like to introduce few new ones: 1 XSS 2 Three Web Server Directory...