EUVD-2011-3653

Malware in sbrugna...

EUVD-2005-4468

Malware in sbrugna...

EUVD-2023-46396

Malicious code in bioql PyPI...

EUVD-2023-53777

Malicious code in bioql PyPI...

CVE-2021-3374

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash...

CVE-2011-3694

The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found Low CVE-2024-35144. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35144 DESCRIPTION: IBM Maximo...

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside a...

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...

CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed...

CVE-2021-3374

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash...

Directory traversal

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash...

CVE-2020-29041

The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...

Starbucks: Korea - LFI via path traversal at https://msr.istarbucks.co.kr:6443/appif/

@iampuky — thank you for reporting the original vulnerability and for confirming the resolution. While analyzing the Starbucks Korea mobile application, i noticed that it called an API at https://msr.istarbucks.co.kr:6443/appif/. It was found that the application running under that directory was...

Node.js third-party modules: [featurebook] Specification Server Directory Traversal via Crafted Browser Request

Hi, A crafted request can be leveraged to traverse the directory structure of a host using the featurebook server package, and request arbitrary files outside of the specified web root. Module specification Name: featurebook Version: 0.0.32 latest release build Verified conditions Test server:...

Aerohive HiveOS 5.1r5 - 6.1r5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities

Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions Description ================ Aerohive version 5.1r5 through...

Code injection

The Server Administration Console in NetSaro Enterprise Messenger Server 2.0 allows remote attackers to read application source code by appending a %00 character to a URL...