12 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-16033

Malware in sbrugna...

5.3 CVSS, 5.6 AI score, 0.01112 EPSS
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4184

Malicious code in bioql PyPI...

4.3 CVSS, 5 AI score, 0.00184 EPSS
Exploits 0, References 5
CNNVD
added 2023/03/15 12:0 a.m., 1 views

Array Networks ArrayOS AG Authorization Issue Vulnerability

Array Networks ArrayOS AG is an SSL-VPN product from Array Networks that enables secure remote access regardless of user, device or location. It provides scalable and controllable remote and mobile access to corporate networks, enterprise applications and cloud services for any user, any device,...

9.8 CVSS, 8.8 AI score, 0.89289 EPSS
Exploits 0, References 2
Cvelist
added 2020/01/21 3:33 p.m., 18 views

CVE-2019-14766

Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...

6.3 AI score, 0.00528 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2018/11/28 11:55 a.m., 23 views

Security Bulletin: Information Disclosure in WebSphere Application Server shipped with Jazz for Service Management (CVE-2017-1743)

Summary: There is a potential information disclosure in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2017-1743. DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel...

4.3 CVSS, 0.5 AI score, 0.00242 EPSS
Exploits 0, Affected Software 1
Cvelist
added 2018/05/04 2:0 p.m., 14 views

CVE-2017-1743

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console panel fields. When exploited an attacker could browse the file system. IBM X-Force ID: 134933...

4.2 AI score, 0.00242 EPSS
Exploits 0, References 4
WPVulnDB
added 2017/10/20 12:0 a.m., 52 views

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5 CVSS, 2 AI score, 0.90044 EPSS
Exploits 7, References 3, Affected Software 2
WPVulnDB
added 2017/05/11 12:0 a.m., 23 views

Delightful Downloads <= 1.6.6 - Unauthenticated Path Traversal

Since no authentication or authorisation checks for direct access to the jqueryFileTree.php are made, the vulnerability allows for browsing the file system on a host out of an unauthenticated context. Even though no file content can be exfiltrated this way, "hidden" files e.g. in the web...

5 CVSS, 0.9 AI score, 0.90044 EPSS
Exploits 7, References 1, Affected Software 1
Prion
added 2017/04/10 7:59 p.m., 10 views

Design/Logic Flaw

SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...

4 CVSS, 6.3 AI score, 0.00826 EPSS
Exploits 0, References 1, Affected Software 1
seebug.org
added 2007/12/28 12:0 a.m., 14 views

ZeusCMS <= 0.3 Remote Blind SQL Injection Exploit

No description provided by source. ZeusCMS <= 0.3 Remote Blind SQL Injection Exploit. author: EgiX, mail: n0b0d13satgmaildotcom, link: http://www.zeuscms.gr/, details: works with...

7.1 AI score
Exploits 0
0day.today
added 2007/12/27 12:0 a.m., 25 views

ZeusCMS <= 0.3 Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications. ZeusCMS query"SELECT FROM $table WHERE url like '%$ref%' AND status='BLOCKED'"; numRows0 137. return true; 138. 139. else 140. return false; 141. 142. else 143. return false; 144. an attack...

7.1 AI score
Exploits 0
Atlassian
added 2007/08/28 5:57 a.m., 22 views

Unwanted Access to File System via Import Pages Functionality

Security vulnerability found in Confluence 2.5.6. Space administrator can use the "Import Pages from Disk" feature to browse the server file system by pointing the importer at "/" folder or any other folder. Because this folder doesn't contain expected files, an error message is displayed,...

1.1 AI score
Exploits 0, Affected Software 1