CVE-2026-42885 Audiobookshelf: Path prefix bypass in filesystem existence check leaks out-of-scope file existence

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

CLSA-2022-1671033543 vim: Fix of CVE-2022-4292

CVE-2022-4292: bail out if the window no longer exists...

PT-2021-17743 · Netflix · Netflix Oss Hollow

Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow affected versions not specified Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.existsparent check is performed before creating the directories. Furthermore, the use...

OpenX 2.6.3 Local File Inclusion

I have found a local file inclusion exploit in OpenX 2.6.3, this is in the script "fc.php", located in /www/delivery/ Here is a snip of the code: snip includeonce '../../init-delivery.php'; $MAXPLUGINSADPLUGINNAME = 'MAXtype'; if!isset$GET$MAXPLUGINSADPLUGINNAME echo $MAXPLUGINSADPLUGINNAME . ' i...

Mini Blog 1.0.1 - index.php Multiple Local File Inclusions

Mini Blog 1.0.1 - index.php Multiple Local File Inclusions / $Id: miniblog-1.0.1-lfi.txt,v 0.1 2008/12/06 04:06:00 cOndemned Exp $ Mini Blog 1.0.1 index.php Multiple Local File Inclusion Vulnerabilities Discovered by cOndemned Download : http://www.bpowerhouse.info/miniblog.htm Greetz : ZaBeaTy,...

My Simple Forum 3.0 - Local File Inclusion

/ $Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $ My Simple Forum 3.0 index.php action Local File Inclusion Vulnerability Bug discovered by cOndemned Script download: http://drennansoft.com/index.php?action=download&id=1 Greetz: ZaBeaTy, str0ke, d2, TBH, Avantura / Source...

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. By combining thi...

formmail (PHP) Upload file using CSS

Informations : °°°°°°°°°°°°°° Website : http://www.dtheatre.com/scripts/ Version : all Problem : Upload file PHP Code/Location : °°°°°°°°°°°°°°°°°°° formmail.php : ------------------------------------------------------------------ function checkreferer$referers if count$referers $found = false;...