14 matches found
CVE-2021-47724
STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...
CVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...
Symfonia Ready_ Security Vulnerability
Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. A security vulnerability exists in Symfonia Ready that stems from an attachment upload panel that allows local file inclusion, which could lead to the...
CVE-2020-15419
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.75020200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReporterImportLicense class. Due to the improper restriction of...
CVE-2020-3796
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure...
Improper access control
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure...
CVE-2020-3796
CVE-2020-3796 affects Adobe ColdFusion 2016 and ColdFusion 2018. The root cause is improper access control that could allow an attacker to disclose the underlying system file structure. Affected products include ColdFusion 2016 before update 15 and ColdFusion 2018 before update 9 (per APSB20-18 a...
Beward IP Cameras Arbitrary File Disclosure Vulnerability (Feb 2019) - Active Check
The remote installation of Beward SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.114073");...
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
VeryPhoto Pro for iOS Wifi Interface Module Name Local File Inclusion Vulnerability
VeryPhoto Pro for iOS is a photo album tool. A local file inclusion vulnerability exists in the Wifi Interface Module Handling module name for VeryPhoto Pro for iOS, which allows attackers to exploit the vulnerability to obtain the contents of system files...
pppblog-disclose.txt
pppBlog = 0.3.11 randompic.php System File Disclosure Vulnerability url: http://sourceforge.net/projects/pppblog/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Auth...
pppBlog 0.3.11 - File Disclosure
pppBlog 0.3.11 - File Disclosure pppBlog = 0.3.11 randompic.php System File Disclosure Vulnerability url: http://sourceforge.net/projects/pppblog/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational...
Sitebuilder 1.4 - sitebuilder.cgi Directory Traversal
Sitebuilder 1.4 - sitebuilder.cgi Directory Traversal source: https://www.securityfocus.com/bid/8521/info Sitebuilder is said to be prone to a directory traversal vulnerability, potentially allowing users to disclose the contents of system files. The problem occurs due to the application failing ...
Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...