29 matches found
CVE-2025-69226 AIOHTTP allows for a brute-force leak of internal static filepath components
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
EUVD-2025-17647
Malicious code in bioql PyPI...
CVE-2025-54118
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows an unauthenticated remote attacker to gain sensitive information such as the absolute path of the source code via the list parameter. This vulnerability is...
CVE-2025-54118
CVE-2025-54118 affects NamelessMC before version 2.2.4, where an unauthenticated attacker can disclose sensitive information (e.g., absolute path of the source code) via the list parameter in the member list component. The issue was fixed in 2.2.4. The provided connected sources confirm the vulne...
CVE-2025-40662
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file...
CVE-2025-40662 Absolute path disclosure vulnerability in DM Corporative CMS
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file...
CVE-2025-40662
DM Corporative CMS suffers an absolute path disclosure vulnerability: an attacker can view the contents of webroot/file by navigating to a non-existent file. The CVE is documented with CVSS metrics (NVD/3.1: HIGH, base 7.5; CISA/4.0: MEDIUM, base 6.9) and multiple national/international feeds con...
CVE-2025-2239 Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall. This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23...
CVE-2020-15794
CVE-2020-15794 affects Siemens Desigo Insight (All versions). The web application may reveal absolute file system paths in error messages, enabling an authenticated attacker to retrieve additional information about the host system (information disclosure). Mitigations documented by vendors includ...
CVE-2020-9351
Summary of vulnerability (CVE-2020-9351): In SmartClient 12.0, an unauthenticated attacker can send a POST to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML in the _transaction parameter, causing the server to return a verbose error that reveals the absolute path...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
Rendertron Absolute Path Disclosure Vulnerability
Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Rendertron 1.0.0 suffers from an absolute path disclosure vulnerability, which stems from node_modules in Rendertron exposing installed packages, which can be exploited by a remote attacker to read...
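WSS latest version: multiple SQL injections that directly retrieve data, part 3 (official demo demonstration and tips for quickly locating vulnerabilities)
Brief description: Multiple SQL injections in the latest version of WSS that directly retrieve data, part 3, demonstrated on the official demo; there are multiple instances here, summarized as one issue. Details: In the latest version of WSS, 1.3.2, there are multiple instances; this summarizes the same issue and shows how to quickly find all vulnerabilities of the same kind. The vulnerabilities here have no permission restrictions; any user can perform the injection. Vulnerability analysis: WooYun: SQL injection at one point in the latest version of WSS that directly retrieves data, part 2 (two instances). The process behind this vulnerability was already covered earlier: a design flaw in the global filter function leads to SQL injection. if !functionexists"GetSQLValueString" function...
xdcms online food-ordering system has an SQL injection vulnerability (no login required)
Brief description: SQL injection vulnerability in the xdcms online food-ordering system. Details: The user registration function of the xdcms online food-ordering system has an SQL injection vulnerability, which directly exposes the absolute path and SQL injection information. http://demo.xdcms.cn/ is the demo version of the ordering system. During user registration, the username field is vulnerable to SQL injection. Proof of vulnerability:...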
LiveCMS <= 3.4 (categoria.php cid) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl INFO: Program Title LiveCMS <= 3.4 SQL Injection, Absolute Path Disclosure, XSS Injection, Arbitrary File Upload...
KindEditor directory traversal 0DAY - vulnerability warning - the black bar safety net
Author: sub - ↘meter Version: 3.4.2 Description: KindEditor is an open source HTML visual editor, mainly used to allow users on the site to get WYSIWYG editing effects, compatible with IE, Firefox, Chrome, Safari, Opera and other mainstream browsers. KindEditor using JavaScript, you can seamlessly...
Debian: Security Advisory (DSA-265)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...