4 matches found
CVE-2026-27884 NetExec vulnerable to arbitrary file write via path traversal in spider_plus module
NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...
PT-2025-5985 · Unknown · Dhtmlxfileexplorer
Name of the Vulnerable Software and Affected Versions: dhtmlxFileExplorer version 8.4.6 Description: The issue allows a remote attacker to obtain sensitive information through the file download functionality. This is due to a local file inclusion vulnerability. Recommendations: For...
PT-2024-29302 · Veertu · Veertu Anka
Name of the Vulnerable Software and Affected Versions: Veertu Anka Build version 1.42.0 Description: A directory traversal vulnerability exists in the archive functionality of Veertu Anka. This vulnerability can be triggered by a specially crafted HTTP request, potentially leading to the disclosu...
PT-2021-8121 · Draytek · Draytek Vigorconnect
Name of the Vulnerable Software and Affected Versions: Draytek VigorConnect version 1.6.0-B3 Description: A local file inclusion vulnerability exists in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary...