14 matches found
CVE-2026-42071
Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...
Missing Authorization
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization in the file visibility process. An attacker can access unauthorized file attachments by sending requests to the REST API or SOAP API endpoints. Remediation: Upgrade...
EUVD-2025-1635
Malicious code in bioql PyPI...
CVE-2024-9155
Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...
CVE-2021-32717
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...
ADC: Unable to delete backup files from GUI
Customer sees 50 backup files on NetScaler GUI whereas same files are not visible on /var/nssysbackup directory. Whenever trying to delete the backup files from GUI it shows "ERROR: Backup file does not exist."...
CVE-2021-32717 Private files publicly accessible with Cloud Storage providers
Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1, private files are publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommended to first change their configuration to set the correct visibility according to the documentation. The...
Design/Logic Flaw
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on Unix-like systems. On Unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
CVE-2021-23331
CVE-2021-23331 affects all versions of com.squareup:connect. The ApiClient creates a temporary file with permissions -rw-r--r-- in the system temp dir; since that directory is shared on Unix-like systems, the downloaded content may be visible to other local users. The issue is inherent to the SDK...
WordPress Shopping Cart 3.0.4 - Unrestricted File Upload Vulnerability
Exploit for php platform in category web applications. Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload. Date: 29-10-2014. Software Link: https://wordpress.org/plugins/wp-easycart/. Exploit Author: Kacper Szurek. Contact: http://twitter.com/KacperSzurek. Website:...
[SCSA-019] Gattaca Server 2003 Vulnerable to Multiple vulnerabilities
Security Corporation Security Advisory SCSA-019: Gattaca Server 2003 Vulnerable to Multiple vulnerabilities. PROGRAM: Gattaca Server 2003 HOMEPAGE:...
Abyss Web Server version 1.0.3 shows file and directory content
Overview: Abyss Web Server version 1.0.3 shows file and directory content. Discovered on 2002, June, 30th. Vendor: Aprelium. Abyss Web Server 1.0.3 is a free personal web server available for Windows and Linux operating systems...
CVE-2002-0500
The CVE-2002-0500 entry describes a vulnerability in Internet Explorer 5.0–6.0 where a remote attacker can determine the existence of local files on a client by abusing an IMG tag with a dynsrc attribute that references the target file, causing the image object to reveal information such as file ...
Security Bulletin (MS00-006)
Microsoft Security Bulletin MS00-006: Patch Available for "Malformed Hit-Highlighting Argument" Vulnerability. Originally Posted: January 26, 2000. Revised: March 31, 2000. Summary: On January 26, 2000 Microsoft released the original version of this...