Local File Inclusion (LFI)
tecnickcom/tcpdf is vulnerable to Local File Inclusion (LFI). The vulnerability is due to inadequate validation of user-supplied input in the src tag, allowing a user to read arbitrary files from the server's file system and potentially expose sensitive information...
Exploit for Server-Side Request Forgery in Fusion_Builder_Project Fusion_Builder
Description Fusion Builder is a WordPress plugin that allows...
CVE-2024-9422 GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server...
GHSA-P7F6-8MCM-FWV3 Statamic CMS has a Path Traversal in Asset Upload
Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...
CVE-2024-11215 Path traversal vulnerability in EasyPHP
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...
Directory Traversal
github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to path traversal in the api/push route, allowing attackers to confirm which files exist on the server...
Directory Traversal
Overview gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processing_utils.async_move_files_to_cache function. An attacker can read arbitrary...
CVE-2024-39722
An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route...
UBUNTU-CVE-2024-50046
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies. On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...
Exploit for CVE-2024-48914
This post is a research article published by EQSTLab https://g...
CVE-2019-25213
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...
CVE-2024-48914
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
VulnCheck KEV: CVE-2019-25213
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive...
WordPress plugin Comments Import & Export Path Traversal Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A path traversal vulnerability exists...
Absolute Path Traversal
Overview Affected versions of this package are vulnerable to Absolute Path Traversal via the HTML writer process when embedding images. An attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests by constructing an XLSX file that links images from arbitrary paths or...
PhpSpreadsheet Security Vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A security vulnerability exists in PHPSpreadsheet. An attacker can exploit the vulnerability to read arbitrary files on the server and perform arbitrary HTTP GET requests...
Netflix e2nest Security Vulnerability
Netflix e2nest is a web-based platform from the American company Netflix, Inc. for media-centric video, audio and image subjective testing. A security vulnerability exists in versions prior to Netflix e2nest 16, which stems from a vulnerability that allows an unauthenticated user to perform path...
Path Traversal
Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to WordPress. Affected versions of this package are vulnerable to Path Traversal via the download_private_file method. An attacker can access sensitive files on the server by manipulati...
CamaleonCMS Information Disclosure Vulnerability
CamaleonCMS is an advanced Ruby on Rails-based dynamic content management system (CMS) from the CamaleonCMS team. An information disclosure vulnerability exists in CamaleonCMS version 2.8.0, which stems from the presence of a path traversal vulnerability that allows an authenticated user to download...
CVE-2024-45189
Mage AI is affected by a path traversal vulnerability in the Git Content request that allows remote users with the Viewer role to leak arbitrary files from the Mage server. The issue is documented across multiple sources (CVE-2024-45189, related advisories) and is characterized by improper input ...