12 matches found
EUVD-1999-0497
Malware in sbrugna...
EUVD-2023-46232
Malicious code in bioql PyPI...
CVE-2025-4798
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-4798
CVE-2025-4798 affects the WP-DownloadManager WordPress plugin, with versions up to and including 1.68.10 vulnerable to an arbitrary file read. The issue arises from lack of directory restrictions when an administrator stores downloads, enabling authenticated attackers with Administrator-level acc...
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package All versions V21.00 SP3. When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
CVE-2021-21999
VMware Tools for Windows 11.x.y prior to 11.2.6, VMware Remote Console for Windows 12.x prior to 12.0.1, VMware App Volumes 2.x prior to 2.18.10 and 4 prior to 2103 contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by...
Yaws Path Traversal Vulnerability
Yaws is a web server written in the Erlang language. A path traversal vulnerability in the handling of URLs in Yaws version 1.91, which stems from a failure of a network system or product to properly filter special elements in the path of a resource or file, can be exploited by an attacker to...
Directory traversal
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory...
CVE-2013-1807
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/dbbackups/...
PT-2013-2482 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0 through 10
Description: The issue allows attackers to access restricted directories via unspecified vectors when a password is not configured. This has been exploited in the wild.
Recommendations: For Adobe...
CVE-1999-0498
CVE-1999-0498 describes a directory-traversal flaw in TFTP servers: remote attackers can read password files because TFTP is not run in a restricted directory. The NVD entry shows a base score of 10.0 (HIGH) with network/vector/impact details, but the connected documents do not specify a concrete...
PT-1991-1001 · Tftp · Tftp
Name of the Vulnerable Software and Affected Versions: TFTP affected versions not specified
Description: The issue allows a remote attacker to access sensitive information, such as password files, because TFTP is not running in a restricted directory.
Recommendations: At the moment, there is no...