CVE-2025-64407

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...

Apache OpenOffice 安全漏洞

Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...

EUVD-2025-36329

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

Dell SupportAssist OS Recovery 安全漏洞

DELL SupportAssist OS Recovery is a standalone recovery tool pre-installed by Dell on some Windows 10/11 computers to diagnose hardware problems, repair the system, backup files or restore factory settings. DELL SupportAssist OS Recovery suffers from an information disclosure vulnerability that...

EUVD-2020-9308

Malware in sbrugna...

The vulnerability of software for installing NVIDIA video card drivers lies in the use of files and directories accessible from external parties. This allows a hacker to exploit their privileges and execute arbitrary code.

The vulnerability of software for installing NVIDIA video card drivers is related to the use of files and directories accessible from external parties. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

The vulnerability of the SmartFabric OS10 network operating system, related to the use of files and directories accessible from external parties, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SmartFabric OS10 network operating system is related to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

WordPress plugin Vikinger 路径遍历漏洞

WordPress Vikinger is a WordPress blog theme developed by a foreign developer. WordPress Vikinger has a path traversal vulnerability that stems from insufficient file path validation in the function vikingerdeleteactivitymediaajax, which can be exploited by an attacker to tamper with the system...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the AddTemp function. An attacker can access or modify files outside the intended directory by supplying crafted input to the filename parameter. Details A Directory Traversal attack also known as path traversal...

CVE-2020-24985

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE lies in the use of files and directories accessible from external parties, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE is related to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...

CVE-2024-51966

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or...

CVE-2024-51958

There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or...

The vulnerability of the M-Files Server platform, which is related to the use of files and directories accessible to external parties, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the M-Files Server platform for document automation involves the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

PT-2025-7694 · Unknown · Divi Donation Modules

Name of the Vulnerable Software and Affected Versions: Give – Divi Donation Modules versions prior to 2.0.0 Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into externally-accessible files or directories. Recommendations: For...

EsafeNet CDG 安全漏洞

EsafeNet CDG is a document security management system from EsafeNet, China. A security vulnerability exists in EsafeNet CDG version 5. An attacker can exploit the vulnerability to access files and directories stored outside the web root folder...

National Keep CyberMath 安全漏洞

National Keep CyberMath is a cybersecurity risk analysis tool for organizations from National Keep. A security vulnerability exists in versions prior to National Keep CyberMath CYBM.240816253, which stems from the presence of an external-party-accessible file or directory vulnerability that could...

SailPoint Delimited File Connector 安全漏洞

SailPoint Delimited File Connector is a read-only and rule-driven connector from SailPoint. A security vulnerability exists in the SailPoint Delimited File Connector that stems from a file path traversal vulnerability that could allow an authenticated administrator to set arbitrary connector...

The vulnerability of the microprogramming software of Schneider Electric Easergy T200 remote control devices allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogramming software used in Schneider Electric Easergy T200 remote control devices lies in the use of files and directories accessible to external parties. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

PT-2024-1682 · Vmware · Vmware Aria Operations For Networks

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Networks affected versions not specified Description: The issue is related to a local file read vulnerability in VMware Aria Operations for Networks. This vulnerability can be exploited by a malicious actor with adm...