16 matches found
CVE-2026-23877 Directory Traversal & Filesystem can be accessed by a non-admin user
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...
CVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
PT-2025-51888
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 AVideo versions prior to 20.0 Description AVideo versions prior to 20.1 have a flaw where authenticated users can upload files into directories owned by other users. This is due to an insecure direct object...
EUVD-2023-35396
Malicious code in bioql PyPI...
CVE-2023-0156
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2024-5262 ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
Moderate: Red Hat Security Advisory: sssd security update
An update for sssd is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
The vulnerability of the BuildKit container-building software lies in the improper limitation of the path name to the restricted-access directory, which allows a malicious actor to delete arbitrary files outside of the container.
The vulnerability of the BuildKit container-building software relates to incorrect pathname restrictions for access to restricted directories. Exploiting this vulnerability could allow a malicious actor to delete arbitrary files outside of the container...
CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version...
Important: Red Hat Security Advisory: sssd security and bug fix update
An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
GHSA-3W4V-RVC4-2XPW Keycloak has Files or Directories Accessible to External Parties
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...
CarceresBE 路径遍历漏洞
CarceresBE is an SKS parking management system backend open sourced by Delor4. CarceresBE 1.0 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource or file path, which could be exploited by...
Apache ServiceComb Service-Center 路径遍历漏洞
Apache ServiceComb Service-Center is a Restful-based service registry from the Apache Foundation that provides microservice discovery and microservice management. Apache ServiceComb Service-Center is vulnerable to a path traversal vulnerability in version 1.x.x. The vulnerability stems from A...
CVE-2019-17103
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0...
CVE-2016-0906
The web-restore interface in Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation...
Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control
source: https://www.securityfocus.com/bid/14274/info The modoradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/davpublic' and '/davportal' directories, allowing a malicious user to fill up the...