12 matches found
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties through the importStdMd import process in kernel/api/import.go. An attacker can import data from sensitive or unintended local paths and potentially access or expose local files by...
CVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
EUVD-2025-33845
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 0.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-8484 Code Quality Control Tool <= 2.1 - Unauthenticated Information Exposure via Log Files
The Code Quality Control Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in version 2.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
PT-2025-35832
Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.2-milestone-2 through 16.10.6 Description The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs...
CVE-2010-20109 Barracuda Spam & Virus Firewall "locale" Path Traversal
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the viewhelp.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal...
S3Proxy 路径遍历漏洞
S3Proxy is an S3 API from the individual developer Andrew Gaul. A path traversal vulnerability exists in S3Proxy versions prior to 2.6.0, which stems from the fact that the filesystem and filesystem-nio2 storage backends may inadvertently expose local files to users...
A week in security (September 30 – October 6)
Last week on Malwarebytes Labs: Facebook and Instagram passwords were stored in plaintext, Meta fined Android users targeted on Facebook and porn sites, served adware Fake Disney+ activation page redirects to pornographic scam Radiology provider exposed tens of thousands of patient files Not Blac...
CVE-2022-26975
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication...
CVE-2022-22790
SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users...
UBUNTU-CVE-2020-15005
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...
thttpd 2.0.7 Directory Traversal (Windows)
The remote web server fails to limit requests to items within the document directory. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid14229;...