113 matches found
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...
Joomla! Component Jw_allVideos - Arbitrary File Retrieval
A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. id: CVE-2010-0696 info: name: Joomla! Component...
CVE-2025-68920
C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...
CVE-2025-68920
C-Kermit (ckermit) up to 10.0 Beta.12 (416-beta12) before 244644d is affected by CVE-2025-68920. A remote Kermit system can overwrite files on the local system or retrieve arbitrary files. Root cause details are not specified in the provided documents. Connected sources include Red Hat, EUVD, NVD...
PT-2025-53381
Name of the Vulnerable Software and Affected Versions C-Kermit versions through 10.0 Beta.12 aka 416-beta12 before 244644d Description A remote Kermit system can overwrite files on the local system or retrieve arbitrary files from the local system. Recommendations Update to a version later than...
EUVD-2011-2712
Malware in sbrugna...
EUVD-2022-44890
Malicious code in bioql PyPI...
PT-2025-30949 · Dbgate · Dbgate +1
Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion LFI Date: 2025-07-09 Exploit Author: Imraan Khan Lich-Sec Vendor Homepage: https://wss.com/ Software Link: https://client.protop.co.za/ Version: v4.4.2-2024-11-27 Tested on: Ubuntu 22.04 / Linux CVE: CVE-2025-44177...
CVE-2024-48647
A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...
CVE-2022-44008
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...
CVE-2022-28213
When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS...
CVE-2024-46898
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests...
Fortinet FortiWeb - Path traversal in API controller (FG-IR-21-156)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-156 advisory. - A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to...
UoW Pop2d Remote File Retrieval
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UoW pop2d Remote File Retrieval Vulnerability', 'Description' = %q This module exploits a vulnerability in the FOLD command of the University of...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
Esri Portal For ArcGIS Path Traversal Vulnerability
Esri Portal For ArcGIS is a component of Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A path traversal vulnerability exists in Esri Portal for ArcGIS that stems from the program failing to properly filter for specif...
PT-2023-12903 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 3.0.x through 4.2.0 Description: The issue allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. This is due to ...
Geonetwork 4.2.0 - XML External Entity (XXE)
Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...