350 matches found
CVE-2020-11585
There is an information disclosure issue in DNN formerly DotNetNuke 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager other than ones contained in a secure folder by sending themselves a message...
CVE-2020-9323
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx...
CVE-2020-3798
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration host or local network vulnerability. Successful exploitation could lead to information disclosure...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-14671
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fintsurl to import/job/configuration, and import/create/fints...
EulerOS 2.0 SP10 : rsync (EulerOS-SA-2025-1537)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...
EulerOS 2.0 SP12 : rsync (EulerOS-SA-2025-1438)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...
CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...
K000150363: Multiple rsync vulnerabilities
Security Advisory Description CVE-2024-12084 A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of...
Linux Distros Unpatched Vulnerability : CVE-2024-12086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12086)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12086 advisory. - A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the...
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
CVE-2025-23212
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...
CVE-2025-23212
CVE-2025-23212 affects Tandoor Recipes. The vulnerability stems from the external storage feature, which allows any user to enumerate the names and contents of files on the server, yielding a local file disclosure. The issue is fixed in version 1.5.28 . Multiple connected sources corroborate this...
CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...
Tandoor Recipes 安全漏洞
Tandoor Recipes is a Tandoor Recipes open source application for managing recipes, planning meals, creating shopping lists, and more. A security vulnerability exists in Tandoor Recipes versions prior to 1.5.28, which stems from an external storage feature that allows any user to enumerate the nam...
PT-2025-4851 · Unknown · Tandoor Recipes
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.28 Description: Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files...
Exploit for Path Traversal in Grafana
CVE-2021-43798 Python script Description: Grafana 8.3...
CVE-2024-11218
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
AZL-55959 CVE-2024-11218 affecting package buildah for versions less than 1.41.4-2
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...