52 matches found
CVE-2026-45044
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
Drupal 11.x-dev Information Disclosure
Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. Title: Drupal 11.x-dev full Information Disclosure...
EUVD-2018-0567
Malware in sbrugna...
EUVD-2001-0917
Malware in sbrugna...
EUVD-2005-0608
Malware in sbrugna...
EUVD-2006-1681
Malware in sbrugna...
Autodesk: Exposing debug.log file leads to server full path disclosure
Vulnerability description not provided...
Nextcloud: Exposing debug.log file leads to server full path disclosure
The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...
CVE-2024-42680
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...
PT-2024-30106 · Unknown · Super Easy Enterprise Management System
Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: An issue in the system allows a local attacker to obtain the server absolute path by entering a single quotation mark. This can be exploited to gain sensitive...
Path Traversal
typo3/cms is vulnerable to Path Traversal. The vulnerability is caused due to a missing path validation while accessing the PHP scripts for testing purposes. This can lead to disclosure of the absolute server path to the TYPO3 installation...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-1984, CVE-2015-1968, CVE-2015-1982, CVE-2015-1980)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation, Cross-Site Scripting, Server Path Disclosure and Click-Jacking vulnerabilities. Vulnerability Details CVEID: CVE-2015-1984 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborativ...
CVE-2018-2467
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server...
wordpress_fullpathdisclosure
This plugin tries to find the path on the server where WordPress is installed. Plugin type: Crawl. Options: This plugin doesn't have any user-configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly what's under the...
Google, Paypal, Facebook Internal IP disclosure vulnerability
Do you have any idea about an internal IP address or a private IP address, even one assigned to a multinational company? Today we are going to discuss internal or private IP address disclosure. Can disclosure of an internal IP like 192.168.. or 172.16.. really have an impact? Most security...
PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12
Hi, We have found that SAP BusinessObjects version 12 is vulnerable to multiple Cross-Site Scripting (XSS), cross-domain redirects and server path information disclosure, with the following consequences: - An attacker may be able to cause execution of malicious scripting code in the browser of a vict...
CVE-2003-1486
CVE-2003-1486 affects Phorum 3.4 to 3.4.2. An incorrect HTTP request to one of nine scripts (smileys.php, quick_listrss.php, purge.php, news.php, memberlist.php, forum_listrss.php, forum_list_rdf.php, forum_list.php, move.php) can make the server leak its full path in an error message. This is a ...