10 matches found

CNNVD
added 2026/05/05 12:0 a.m., 4 views

openmrs-core path traversal vulnerability

OpenMRS-core is an open-source electronic medical record system developed by OpenMRS. OpenMRS-core has a path traversal vulnerability. This vulnerability stems from the getFile method in ModuleResourcesServlet, which does not validate path boundaries. As a result, unauthorized attackers may be ab...

CVSS 8.2, AI score 7.3, EPSS 0.00088
Exploits: 1, References: 1
Veracode
added 2026/03/17 6:24 a.m., 2 views

Path Traversal

github.com/weaviate/weaviate is vulnerable to path traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can call the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationServic...

CVSS 4.9, AI score 7.3, EPSS 0.00237
Exploits: 0, References: 3, Affected Software: 1
SUSE CVE
added 2026/01/06 12:24 a.m., 1 views

SUSE CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

CVSS 4.9, AI score 6.9, EPSS 0.00237
Exploits: 0, References: 2
Github Security Blog
added 2025/12/12 6:30 p.m., 7 views

Weaviate OSS has path traversal vulnerability via the Shard Movement API

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

CVSS 4.9, AI score 6.9, EPSS 0.00237
Exploits: 0, References: 7, Affected Software: 1
Snyk
added 2025/12/12 4:38 p.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...

CVSS 8.7, AI score 7.4, EPSS 0.00237
Exploits: 0, References: 2
Snyk
added 2025/12/12 4:38 p.m., 1 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the fileName field in the transfer logic. An attacker can access arbitrary files accessible to the service process by invoking the GetFile method when a shard is in the "Pause file...

CVSS 8.7, AI score 7.5, EPSS 0.00237
Exploits: 0, References: 2
Vulnrichment
added 2025/12/12 12:0 a.m., 2 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

AI score 6.5, EPSS 0.00237
Exploits: 0, References: 2
OSV
added 2024/01/13 10:15 p.m., 0 views

CVE-2024-0505

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...

CVSS 9.8, AI score 5.3
Exploits: 0, References: 3
Prion
added 2007/09/20 9:17 p.m., 22 views

Path traversal

Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method...

CVSS 5, AI score 7.3, EPSS 0.07015
Exploits: 1, References: 6, Affected Software: 1
Packet Storm
added 2007/09/20 12:0 a.m., 34 views

yim-download.txt

Yahoo! Messenger 8.1.0.421 CYFT Object ft60.dll Arbitrary File Download; url: http://download.yahoo.com/dl/msgr8/us/ymsgr8us.exe; Author: shinnai; mail: shinnaiatautisticidotorg; site: http://shinnai.altervista.org; This was...

AI score 7.4
Exploits: 0