Digital-Infrastructure Path Traversal Vulnerability
Digital-Infrastructure is an open source management support platform from Risesoft. A path traversal vulnerability exists in Digital-Infrastructure 9.6.7 and earlier versions, which stems from improper handling of the parameter fullPath in the file Y9FileController.java, which could lead to path...
SUSE CVE-2025-38208
In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath. page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...
DEBIAN-CVE-2025-38208
In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath. page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...
AZL-70424 CVE-2025-38208 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath. page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...
UBUNTU-CVE-2025-38208
In the Linux kernel, the following vulnerability has been resolved: smb: client: add NULL check in automount_fullpath. page is checked for null in __build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, the check is missing when it is set. Add a check to prevent a potential...
PT-2025-27983
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential NULL pointer dereference issue has been identified in the Linux kernel. The issue is related to the smb client and the automount fullpath function. Specifically, a NULL che...
SUSE CVE-2006-0855
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected...
CVE-2022-37621
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js...
Code injection
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js...
PT-2022-24032 · Unknown · Browserify-Shim
Name of the Vulnerable Software and Affected Versions: browserify-shim version 3.8.15 Description: The issue is related to a prototype pollution vulnerability in the resolveShims function, located in resolve-shims.js. This vulnerability is exploitable via the fullPath variable in resolve-shims.js...
Improper Input Validation Leads to Privilege Escalation and Denial of Service
Description Improper input validation allows an attacker to escalate privileges and can crash the nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file with Admin credentials or with the CSRF vulnerability with the "fullpath" parameter containing path traversal strings ../ and ..\ in order to escape the server's...
PT-2021-23019
Name of the Vulnerable Software and Affected Versions: TinyFileManager versions up to and including 2.4.6 Description: A Path Traversal issue exists that allows attackers to upload a file with the fullpath parameter containing path traversal strings ../ and ..\ to escape the server's intended workin...
TinyFileManager Path Traversal Vulnerability
TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software's lack of validation and escaping of the fullpath...
Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager
✍️ Description Cross-site scripting bug exists via file upload 🕵️‍♂️ Proof of Concept 1. Upload a file and capture the request in burpsuite. 2. Now change fullpath parameter value to xss payload in burpsuite and forward the request, and see xss is executed Video poc...
Open Conference Systems <= 1.1.4 (fullpath) File Include Vulnerabilities
No description provided by source. Open Conference Systems = 1.1.3 Remote File Inclusion Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; theme.inc.php footer.inc.php bugs ; at -- theme.inc.php...