35 matches found
CVE-2025-30170
CVE-2025-30170 is an information disclosure vulnerability in the ABB ASPECT product line (ASPECT-Enterprise, NEXUS Series, MATRIX Series) affecting versions up to 3.08.03. The issue arises from exposure of file path, file size, or file existence information, which can be accessed if a session adminis...
CVE-2025-30170 Admin Authorized Exposure of file path, file size or file existence
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through...
CVE-2025-44021
A flaw was found in Ironic. It did not filter file:// paths when used as an image source except to ensure they were a file. This issue could cause config files from well-known paths to be written to disk on a node. Mitigation: Currently, no mitigation is available for this vulnerability...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
Meta4 HR security breach
Cegid Meta4 HR is a human resource management (HRM) software platform from Cegid Corporation. A security vulnerability exists in Meta4 HR version 819.001.022 and prior versions, which stems from a configuration page being placed on an Internet-facing web server, resulting in a file path being expos...
PrestaShop Authorization Issues Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. An authorization issue vulnerability exists in PrestaShop blockreassurance versions prior to 5.1.4. The...
WordPress plugin Vrm 360 3D Model Viewer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
UBUNTU-CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
WordPress plugin SP Project & Document Manager Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. An information disclosure vulnerability exists in...
PT-2021-22534 · WordPress · Bulletproof Security
Name of the Vulnerable Software and Affected Versions: BulletProof Security WordPress plugin versions up to, and including, 5.1 Description: The issue concerns sensitive information disclosure due to a file path disclosure in the publicly accessible /db backup log.txt file. This grants attackers...
PT-2018-11724 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2-23739-2 Description: The issue allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file path parameter. This is related to an...
MGASA-2014-0483 Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts, although this is unlikely on modern browsers and on most Moodle pages (MSA-14-0035). In Moodle before 2.6.5, an XSS issue through $searchcourse in...
oracle.9i.path.txt
Product: Oracle 9i Application Server. Description: The Oracle 9i Application Server uses the Apache web server for HTTP service. However, if a request is made for a non-existent .jsp file, the complete path is shown. For instance, if you were to make the following request at a server running...
CVE-2001-0031
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist...
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11 21/07/2000 (dd/mm/yyyy) http://bluepanda.box.sk/ Problem: STAT command divulges...