104 matches found
EUVD-2016-10813
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20029
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20029
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2016-20029
CVE-2016-20029 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a file path manipulation flaw that lets an attacker access arbitrary local files by tampering with paths used to retrieve local resources. Attackers can bypass access controls to read sensitive information, including configurat...
PT-2026-25727
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
CVE-2026-22416 WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through = 1.5.0...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976
CVE-2026-2976 affects FastApiAdmin up to 2.2.0. The vulnerability resides in the Download Endpoint, specifically the download_controller in /backend/app/api/v1/module_common/file/controller.py, where manipulation of the file_path argument leads to information disclosure. The issue can be triggere...
CVE-2026-2976 FastApiAdmin Download Endpoint controller.py download_controller information disclosure
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2026-2976 FastApiAdmin Download Endpoint controller.py download_controller information disclosure
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function downloadcontroller of the file /backend/app/api/v1/modulecommon/file/controller.py of the component Download Endpoint. This manipulation of the argument filepath causes information disclosure. It is...
CVE-2022-50932
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...
CVE-2021-27471
The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...
CVE-2025-40605
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...
Path Traversal
mllogger is vulnerable to path traversal. the vulnerability is due to manipulation of the File argument in the loghandler function of mllogger/server.py, which allows an attacker to perform path traversal to read, create, or overwrite files remotely...
CVE-2025-12347
CVE-2025-12347 affects MaxSite CMS up to version 109. The vulnerability resides in the interactive handling of file_path/content in the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php, where manipulation can lead to unrestricted file uploads. Exploitation can be performed r...
CVE-2025-12347 MaxSite CMS save-file-ajax.php unrestricted upload
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editorfiles/save-file-ajax.php. Executing manipulation of the argument filepath/content can lead to unrestricted upload. The attack can be executed remotely. Th...
EUVD-2018-20517
Malware in sbrugna...