16 matches found
CVE-2025-65465
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2025-65465
Skrol29 TbsZip 2.17 and earlier contain a reflected XSS in the RaiseError path, exploitable via a crafted filename parameter (e.g., against FileRead), due to improper sanitization of the error message. The issue is fixed in version 2.18. Affected software is Skrol29/tbszip; CVE-2025-65465 severit...
EUVD-2025-208169
A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...
CVE-2019-25246 Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and...
PT-2025-53332
Name of the Vulnerable Software and Affected Versions: Beward N100 H.264 VGA IP Camera version M2.1.6. Description: The Beward N100 H.264 VGA IP Camera version M2.1.6 contains a flaw that allows authorized attackers to access arbitrary system files. This is possible through the READ.filePath...
The vulnerability of the gold/fileread.cc component of the GNU Binutils development environment, which involves reading data beyond the allowed buffer limits, allows a hacker to cause a service failure.
The vulnerability of the gold/fileread.cc component in the GNU Binutils development environment relates to reading data from buffer files beyond their acceptable limits. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the fileRead() function in the NocoDB database creation platform allows an attacker to gain unauthorized access to protected information.
The vulnerability of the fileRead function in the NocoDB database creation platform is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
CVE-2023-33507
KramerAV VIA GO² 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read...
Exploit for Path Traversal in Simplefilelist Simple-File-List
CVE-2022-1119 1. Introduction WordPress Simple File List...
GHSA-W327-WQ28-3VMF CuteSoft CuteEditor Path Traversal vulnerability
Directory traversal vulnerability in CuteSoftClient/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2017-5331
Integer overflow in the checkoffset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable...
UBUNTU-CVE-2017-5331
Integer overflow in the checkoffset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable...
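74CMS latest version: bypass allowing continued arbitrary file read (generality analysis), leading to arbitrary file deletion
Brief description: 74CMS latest version: bypass allowing continued arbitrary file read (generality analysis), leading to arbitrary file deletion. Details: 0x000 Introduction. I was quite torn when writing up this vulnerability, not knowing who I should actually submit it to: 74cms, cncert, or Tencent? In the end I submitted it to 74cms, because the 74cms vendor seems fairly responsible when they look at reports; if I submitted it to cncert, I would not know whether the vendor would be informed and fix it, and submitting it to Tencent would surely just get it ignored! Here I mainly take the 74cms vulnerability and the earlier phpyun vulnerability for analysis, find the common problem, and then trace its source; it all comes down to developers' weak security awareness, plus the example set by Tencent as the leading "big brother", let's put it that way for now! The vendors just take what is ready-made and use it, relying too heavily on third-party components, without considering for themselves how problems might arise. ...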
CVE-2013-3541
The CVE-2013-3541 entry concerns a directory traversal vulnerability in AirLive devices, specifically the cgi-bin/admin/fileread functionality. The documented flaw allows remote attackers to read arbitrary files by manipulating the READ.filePath parameter (using .. to traverse directories). Affec...