113 matches found
CVE-2026-33656
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...
CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...
CVE-2026-33656
EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...
EUVD-2025-209158
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2025-71282
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...
EUVD-2006-4224
Malware in sbrugna...
EUVD-2007-1366
Malware in sbrugna...
EUVD-2007-1387
Malware in sbrugna...
Exploit for CVE-2021-4483
It is an offensive tool for PHP The repository contains a collection of PHP code snippets and functions for auditing and exploiting vulnerabilities, including a proof-of-concept exploit for CVE-2021-4483, an exploit module for targeting PHP applications, and a toolkit for auditing PHP code. The...
RHEL 6 : jruby (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygems: Path traversal when writing to a symlinked basedir outside of the root CVE-2018-1000073 Note that Nessus...
PT-2024-40441 · Datadog · Datadog/Dd-Trace
Name of the Vulnerable Software and Affected Versions: datadog/dd-trace versions 0.30.0 through 0.30.1 Description: The issue concerns a security and stability problem where the ddtrace.request init hook was not properly bound by the open basedir INI directive, potentially leading to...
GHSA-62JR-84GF-WMG4 Default swagger-ui configuration exposes all files in the module
Impact The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. Patches Update to v2.1.0 Workarounds Use the baseDir option References HackerOne report...
Default swagger-ui configuration exposes all files in the module
Impact The default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. Patches Update to v2.1.0 Workarounds Use the baseDir option References HackerOne report...
CVE-2024-22207
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
CVE-2024-22207 Default swagger-ui configuration exposes all files in the module
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
CVE-2024-22207
CVE-2024-22207 affects the fastify-swagger-ui Fastify plugin. Before version 2.1.0, the default configuration of @fastify/swagger-ui without a baseDir exposes all files in the module directory via HTTP routes, enabling information disclosure. The issue is resolved in v2.1.0; as a workaround, conf...
CVE-2024-22207 Default swagger-ui configuration exposes all files in the module
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
SUSE CVE-2006-1494
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass openbasedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function...
SUSE CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...