Lucene search

2184 matches found

ATTACKERKB
added 2026/01/15 3:52 p.m., 0 views

CVE-2021-47755

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

CVSS 8.7, AI score 5.7, EPSS 0.00753
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2026/01/15 3:52 p.m., 1 view

EUVD-2026-2777

Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive file...

CVSS 9.8, AI score 6.5, EPSS 0.00753
Exploits: 1, References: 4
Snyk
added 2026/01/13 11:52 p.m., 8 views

PHP Remote File Inclusion

Overview: mpdf/mpdf is a PHP library generating PDF files from UTF-8 encoded HTML. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the annotation file parameters. An attacker can access arbitrary system files by supplying crafted annotation content containing file...

CVSS 8.7, AI score 7.1, EPSS 0.00471
Exploits: 1, References: 2
CVE
added 2026/01/13 10:51 p.m., 10 views

CVE-2022-50932

CVE-2022-50932 affects Kyocera Command Center RX ECOSYS M2035dn. A directory traversal flaw on the /js/ path allows unauthenticated attackers to read sensitive files (e.g., /etc/passwd, /etc/shadow) by crafting traversal strings (including null-byte variants). Reported exploitation exists (e.g., ...

CVSS 8.7, AI score 6.6, EPSS 0.03534
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/13 10:51 p.m., 2 views

CVE-2022-50897 mPDF 7.0 - Local File Inclusion

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications...

CVSS 8.7, AI score 6.2, EPSS 0.00471
Exploits: 1, References: 3
Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2408

Name of the Vulnerable Software and Affected Versions: Kyocera Command Center RX ECOSYS M2035dn (affected versions not specified). Description: The Kyocera Command Center RX ECOSYS M2035dn device contains a directory traversal flaw. Unauthenticated attackers can read sensitive system files by...

CVSS 8.7, AI score 6.4, EPSS 0.03534
Exploits: 1, References: 7
CNNVD
added 2026/01/13 12:0 a.m., 0 views

mPDF Security Vulnerability

mPDF is an open source library written in PHP for converting HTML to PDF files. mPDF version 7.0 contains a security vulnerability that stems from a local file inclusion flaw in the annotation file parameters, which may lead to reading arbitrary syste...

CVSS 8.7, AI score 5.9, EPSS 0.00471
Exploits: 1, References: 3
CNNVD
added 2026/01/13 12:0 a.m., 8 views

Kyocera Command Center RX Path Traversal Vulnerability

Kyocera Command Center RX is a centralized printer management tool from Kyocera, Japan. The product is primarily used to manage and monitor printers on a local area network (LAN). A path traversal vulnerability exists in Kyocera Command Center RX that stems from the presence of directory traversal,...

CVSS 8.7, AI score 7.3, EPSS 0.03534
Exploits: 1, References: 3
RedhatCVE
added 2026/01/09 12:36 p.m., 10 views

CVE-2023-49110

When the Kiuwan Local Analyzer uploads the scan results to the Kiuwan SAST web application either on-premises or cloud/SaaS solution, the transmitted data consists of a ZIP archive containing several files, some of them in the XML file format. During Kiuwan's server-side processing of these XML...

CVSS 7.2, AI score 7.6, EPSS 0.0082
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:16 a.m., 6 views

CVE-2021-0683

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.8, AI score 7, EPSS 0.00218
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:17 a.m., 3 views

CVE-2019-18922

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 1.00.047 allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product...

CVSS 7.8, AI score 6.8, EPSS 0.24742
Exploits: 2, References: 1
RedhatCVE
added 2026/01/09 9:48 a.m., 6 views

CVE-2020-24990

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version...

CVSS 7.5, AI score 7.1, EPSS 0.03637
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:24 a.m., 6 views

CVE-2023-40623

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

CVSS 7.1, AI score 6.9, EPSS 0.00373
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 9:13 a.m., 7 views

CVE-2022-31062

Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: b/deploy/index.php file can be deleted if deploy feature is not used...

CVSS 5.3, AI score 6.7, EPSS 0.04729
Exploits: 3, References: 1
RedhatCVE
added 2026/01/09 9:1 a.m., 8 views

CVE-2023-25914

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise...

CVSS 8.8, AI score 6.3, EPSS 0.00674
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:57 a.m., 11 views

CVE-2023-31926

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0...

CVSS 7.1, AI score 7, EPSS 0.00148
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 8:44 a.m., 9 views

CVE-2022-23522

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

CVSS 8.8, AI score 6.5, EPSS 0.00883
Exploits: 1, References: 1
RedhatCVE
added 2026/01/07 9:41 a.m., 7 views

CVE-1999-0238

php.cgi allows attackers to read any file on the system...

CVSS 10, AI score 6.8, EPSS 0.06285
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:35 a.m., 8 views

CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...

CVSS 9.8, AI score 6.9, EPSS 0.82966
Exploits: 8, References: 1
RedhatCVE
added 2026/01/07 9:34 a.m., 8 views

CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions...

CVSS 9.8, AI score 6.9, EPSS 0.89681
Exploits: 9, References: 1