15 matches found
CVE-2022-26973
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details...
Linux Distros Unpatched Vulnerability : CVE-2025-62396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not proper...
CVE-2025-62396
An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...
EUVD-2025-35671
An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...
Moodle Security Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from improper error handling in r.php, which could lead to the display o...
EUVD-2004-2489
Malware in sbrugna...
Esri ArcGIS Server Path Traversal Vulnerability
Esri ArcGIS Server is a web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute (Esri). A path traversal vulnerability exists in Esri ArcGIS Server version 10.9.1 and earlier, which stems from a path traversal issue that cou...
Barco Control Room Security Vulnerability
Barco Control Room is a visualization and collaboration solution from Barco Belgium. It is used to build control rooms. A security vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14, which stems from a public license file upload mechanism. By...
CVE-2020-2020
An improper handling of exceptional conditions vulnerability in Cortex XDR Agent allows a local authenticated Windows user to create files in the software's internal program directory that prevents the Cortex XDR Agent from starting. The exceptional condition is persistent and prevents Cortex XDR...
Palo Alto Networks Cortex XDR Agent Security Vulnerability
Palo Alto Networks Cortex XDR Agent is a client software from Palo Alto Networks Malaysia used to check the security of client devices. A security vulnerability exists in Cortex XDR Agent that arises from improper handling that allows a local authenticated Windows user to create files in the...
WordPress Coditor plugin <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in "/wp-content" vulnerabilities
Arbitrary File Edition, Deletion and Internal Directory Listing in "/wp-content" vulnerabilities found by Slavco Mihajloski in WordPress Coditor plugin versions <= 1.1. Solution 2020-12-09 - we were unable to find a patched version of this plugin. There's a note from wordpress.org available on the...
Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content
The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low privilege users subscriber+ to read and edit any files in the wp-content folder, as well as list its content. The PoC will be displayed once the issue has been remediated...
CVE-2017-3745
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts wi...
Ubiquiti Inc.: Auth bypass on directory.corp.ubnt.com
The researcher ebrietas demonstrated that access to our Internal corporate directory could be gained due to a misconfiguration in Google OpenID. This involved using a non-UBNT Google account and modification to the URL. The issue was resolved and the researcher was awarded a bounty for his...
CVE-2004-2498
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...