23 matches found
EUVD-2006-6714
Malware in sbrugna...
EUVD-2016-10293
Malware in sbrugna...
EUVD-2003-0989
Malware in sbrugna...
EUVD-2015-3455
Malware in sbrugna...
Path Traversal
Measured is vulnerable to Path Traversal. The vulnerability is due to insufficient input validation when initializing the class, which allows an attacker to manipulate inputs and instruct the library to read arbitrary files...
Path Traversal
@modelcontextprotocol/server-filesystem is vulnerable to path traversal. The vulnerability is due to improper validation of directory prefixes, which allows an attacker to access unintended files by crafting paths that match allowed directory prefixes...
Path Traversal Vulnerability in Various ABB Products
ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Deserialization Of Untrusted Data
org.apache.inlong, inlong-manager is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to Improper handling of input parameter, which allows an authenticated attacker to read arbitrary files on the server by exploiting the deserialization flaw through crafted input...
USN-7200-1: Roundcube vulnerability
It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access to arbitrary files on the host’s file system...
CVE-2024-56509 changedetection.io has Improper Input Validation Leading to LFR/Path Traversal
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is...
Cisco Identity Services Engine Path Traversal Vulnerability (CNVD-2025-06671)
Cisco Identity Services Engine is an environment-aware platform from Cisco, USA. A path traversal vulnerability exists in Cisco Identity Services Engine that can be exploited by an attacker to read or delete arbitrary files...
Fortinet FortiWAN Path Traversal Vulnerability
Fortinet FortiWAN is a network appliance from Fortinet, Inc. It is used to perform load balancing and fault tolerance between different networks. A path traversal vulnerability exists in Fortinet FortiWAN, which stems from improperly restricting pathnames to restricted directories, and can be...
PT-2023-29117 · Lg · Com.Lge.Bluetoothsetting
Name of the Vulnerable Software and Affected Versions: com.lge.bluetoothsetting affected versions not specified Description: The issue is related to the use of implicit PendingIntents with the PendingIntent.FLAG MUTABLE set, which can lead to the theft and/or over-write of arbitrary files with...
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
Directory Traversal Vulnerability in Thunderwind Movie CMS
Thunderwind Movie CMS is a PHP development, based on THINKPHP framework development suitable for all kinds of video, film and television websites, film and television content management system. Thunderwind CMS has a directory traversal vulnerability that can be exploited by an attacker to read an...
CVE-2018-20604
CVE-2018-20604 affects Lei Feng TV CMS (LFCMS) 3.8.6. A Directory Traversal is possible by crafting URIs using ..* in Template/edit/path, e.g., admin.php?s=/Template/edit/path/web .... ..*..*1.txt.html, enabling reading of arbitrary files (demonstrated with 1.txt). The connected records confirm t...
herberlin bremsserver 1.2.4/3.0 - Directory Traversal
source: https://www.securityfocus.com/bid/9493/info Herberlin BremsServer is prone to a directory-traversal vulnerability. An attacker may exploit this issue to gain access to files residing outside the web server root directory of the affected system. This issue exists due to a failure to valida...
MiniHTTPServer Web Forums Server 1.x2.0 - Directory Traversal
MiniHTTPServer Web Forums Server 1.x2.0 - Directory Traversal source: https://www.securityfocus.com/bid/7955/info It has been reported that WebForums Server does not properly handle some types of requests. Because of this, attackers may be able to gain access to files on the host server with the...
Microsoft Word 95979820002002 - INCLUDEPICTURE Document Sharing File Disclosure
Microsoft Word 95979820002002 - INCLUDEPICTURE Document Sharing File Disclosure source: https://www.securityfocus.com/bid/5764/info The INCLUDEPICTURE Field Code may be used to insert arbitrary URLs into a document. The INCLUDEPICTURE Field Code is reported to, under some circumstances, present a...
CVE-2000-0911
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachmentname hidden form variable, which causes IMP to send the file to the attacker as an attachment...