45 matches found
EUVD-2010-5291
Malware in sbrugna...
EUVD-2004-0829
Malware in sbrugna...
EUVD-2018-10654
Malware in sbrugna...
EUVD-2012-2219
Malware in sbrugna...
EUVD-2025-18905
Malicious code in bioql PyPI...
EUVD-2024-34587
Malicious code in bioql PyPI...
PT-2025-26200 · Unknown · Openlist Frontend
Name of the Vulnerable Software and Affected Versions: OpenList Frontend versions prior to 4.0.0-rc.4 Description: A stored XSS vulnerability exists in the file preview/browsing feature of the application. This occurs when files with a .py extension containing JavaScript code wrapped in tags are...
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2024-34015
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892...
Remote code execution
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources...
CVE-2022-26960
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...
CVE-2022-22544
Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...
CVE-2022-22544
Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...
Local File Dislocusure to Browse All Files in /atlassian-bamboo
This vulnerability affects certain versions of Atlassian Bamboo. Attacker can craft URL to browse all files inside /atlassian-bamboo at Bamboo installation folder, which includes files at WEB-INF folder...
Information disclosure
Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...
CVE-2021-21615
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use TOCTOU race condition...
CVE-2021-21615
The CVE-2021-21615 issue affects Jenkins 2.275 and LTS 2.263.2 and is caused by a TOCTOU race in the file browser used for workspaces and archived artifacts, enabling reading arbitrary files. Exploitation requires privileges such as Job/Workspace permission or control of workspace contents (e.g.,...
CVE-2020-29446
Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References IDOR vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5...
CVE-2021-21602
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...
CVE-2019-18988
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the...