16 matches found
CVE-2026-10074
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...
EUVD-2017-15620
Malware in sbrugna...
EUVD-2025-28867
Malicious code in bioql PyPI...
ITPison OMICARD EDM Path Traversal Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from China's ITPison. A path traversal vulnerability exists in ITPison OMICARD EDM v6.0.1.5, which originates from a path traversal on a specific page, and can be exploited by a remote attacker to bypass...
PT-2023-13673 · Unknown · Aenrich A+Hrd
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD (affected versions not specified). Description: The aEnrich a+HRD log read function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files...
CVE-2022-39022 e-Excellence Inc. U-Office Force - Path Traversal
U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file...
CVE-2021-44162
CVE-2021-44162 affects Chain Sea AI chatbot system. The root cause is a path traversal vulnerability in the file download function caused by improper filtering of special URL parameters, allowing an unauthenticated remote attacker to download arbitrary system files. Per the sources, this is a net...
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory "Path Traversal" in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download syste...
Aike cms backstage file containment vulnerability
Acme CMS is a full-featured, multi-language CMS building system on a PHP + MySQL architecture with responsive display, suitable for personal website construction. Acme CMS backend file contains a vulnerability; attackers can use the vulnerability to download system files to obtain sensitive informatio...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate...
CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...
CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...
CVE-2018-7234
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate...
CVE-2018-7235
Schneider Electric Pelco Sarix Professional devices running firmware before 3.29.67 are vulnerable to arbitrary system file download caused by lack of validation of shell metacharacters in the system.download.sd_file parameter. Exploitation is network-vector with high impact (CVE-2018-7235; CVSS ...
CVE-2018-7234
Schneider Electric Pelco Sarix Professional devices running firmware older than 3.29.67 are affected by an arbitrary system file download vulnerability. The issue arises from insufficient validation in SSL/TLS handling, enabling an attacker to download arbitrary files via the /cgi-bin/ssldownload...