CVE-2026-50233

The CVE-2026-50233 entry concerns Lyrion Music Server 9.2.0 with an arbitrary directory listing flaw in the readdirectory function. The issue is exposed via the CLI service on TCP port 9090 and the HTTP JSON-RPC endpoint at /jsonrpc.js. The vulnerable query accepts a folder parameter and returns ...

EUVD-2026-34832

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

WordPress Modula Image Gallery plugin <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing vulnerability

Missing Authorization to Arbitrary Directory Listing vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Modula Image Gallery versions = 2.13.3...

EUVD-2018-8618

Malware in sbrugna...

EUVD-2008-1849

Malware in sbrugna...

EUVD-2003-1339

Malware in sbrugna...

CVE-2025-61685

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

CVE-2021-40668

The Android application HTTP File Server Version 1.4.1 by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write...

CVE-2023-4297 Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing

Description The plugin does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories. Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

CVE-2021-40668

The CVE-2021-40668 entry concerns the Android application HTTP File Server (Version 1.4.1) by slowscript. Multiple connected sources confirm a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. The NVD entry lists impact including partial confidentia...

CVE-2018-16821

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...

CVE-2018-16821

SeaCMS 6.64 contains a path traversal flaw that allows arbitrary directory listing through upload/admin/admin_template.php?path=../templets/../../, enabling access to unintended directories. The vulnerability is a directory traversal issue in the PHP-based SeaCMS CMS; the exports/documented expos...

CVE-2018-16820

admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests...

321soft PhP-Gallery 0.9 index.php path Variable Arbitrary Directory Listing

No description provided by source. source: http://www.securityfocus.com/bid/17812/info PhP-Gallery is prone to an information-disclosure vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input. An attack...

cPanel <= 11.18.3 Disk Usage Module Remote Arbitrary Directory Listing

Binary data 4436.prm...

Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing

Exponent CMS 0.96.50.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these...

Dovecot Multiple Command Traversal Arbitrary Directory Listing

The remote host is running Dovecot, an open source IMAP4 / POP3 server for Linux / Unix. The version of Dovecot installed on the remote host fails to filter directory traversal sequences from user-supplied input to IMAP commands such as LIST and DELETE. An authenticated attacker may be able to...

timobraun Dynamic Galerie 1.0 - index.php?pfad Arbitrary Directory Listing

timobraun Dynamic Galerie 1.0 - index.php?pfad Arbitrary Directory Listing source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to properl...