CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

VulnCheck KEV: CVE-2019-7483

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

CVE-2017-18876

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file...

CVE-2017-18876

CVE-2017-18876 affects Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 where local file storage enables a path traversal-like check to determine existence of arbitrary files. Impact is information disclosure via local storage under file storage usage; exploitation requires access via the affecte...

Directory traversal

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

A code injection vulnerability of Shell#[] and Shell#test

Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...

CVE-2017-16959

The CVE-2017-16959 vulnerability affects TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices via the locale feature in cgi-bin/luci. The issue arises from set_sysinfo/get_sysinfo in /usr/lib/lua/luci/controller/locale.lua used by uhttpd, allowing remote authenticated users to probe for existence of a...

CVE-2017-0022

CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...

CVE-2017-0022

Microsoft XML Core Services MSXML in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for...

PT-2017-1642 · Microsoft · Windows Server 2012 +9

Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services MSXML versions in Windows 10 Gold, 1511, and 1607 Microsoft XML Core Services MSXML in Windows 7 SP1 Microsoft XML Core Services MSXML in Windows 8.1 Microsoft XML Core Services MSXML in Windows RT 8.1 Microsoft XM...

VulnCheck KEV: CVE-2017-0022

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

Decompression Bomb Testing

Decompression Bomb Testing A decompression bomb is a file designed to crash or render useless the program or system reading it, i.e. a denial of service. The files in this project can be used to test whether an application is vulnerable to this type of attack. A zip bomb, also known as a zip of...

Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite

var obj = new ActiveXObject"PNLLM.Client.1"; obj.SaveMiniLaunchFile"","c:\windows\win.ini";...

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...

Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...