60 matches found
CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL or a portion of it directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to th...
Better Auth affected by external request basePath modification DoS
Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...
EUVD-2007-2253
Malware in sbrugna...
CVE-2025-11046
A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been...
D-Link DI-8100 安全漏洞
The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 16.07.21, which originates from the parameter mschapen in the file /pppoebase.asp that fails to...
Apache Commons VFS 安全漏洞
Apache Commons VFS is a public virtual file system from the Apache USA Foundation. A path traversal vulnerability exists in Apache Commons VFS versions prior to 2.10.0, which stems from a program's failure to properly filter for special elements in a resource or file path. An attacker could explo...
PT-2024-31591 · Hoverfly · Hoverfly
Name of the Vulnerable Software and Affected Versions: Hoverfly affected versions not specified Description: The /api/v2/simulation POST handler in Hoverfly allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read...
Directory Traversal
pymdownextensions is vulnerable to Directory Traversal. The vulnerability exists in getsnippetpath function of snippets.py because the content of a file can be displayed outside of the specified base path using a path relative to that base path, resulting in unwanted information being exposed via...
freerdp: missing path sanitation with `drive` channel
A directory traversal issue was discovered in FreeRDP. The vulnerability exists due to missing path canonicalization and base path check for the drive channel. A malicious server can trick a FreeRDP based client to read files outside of the shared directory. This issue allows an attacker to gain...
CVE-2023-32309 Arbitrary file inclusion with the pymdowm-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
Alist 路径遍历漏洞
Alist is a file listing program with multi-storage support from the individual developer Xhofe in China. A security vulnerability exists in Alist version v3.4.0, which can be exploited by attackers to bypass the base path restriction...
Information Disclosure
freerdp is vulnerable to information disclosure. The vulnerability exists due to missing path canonicalization and base path check for drive channel which allows an attacker to gain access and read files outside the shared directory...
UBUNTU-CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
CVE-2022-28930
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml...
Potential Security Bypass for customized Spring Data REST Resource
In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on...
Exchange Control Panel ViewState Deserialization
This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...
Information Disclosure
jetty-util is vulnerable to information disclosure. Eclipse Jetty on Windows reveals the resource base path of files in the directory listings page...