42 matches found
jsPDF has Local File Inclusion/Path Traversal vulnerability
Impact: User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node proce...
jsPDF security vulnerability
jsPDF is an open-source, JavaScript-based PDF document generation library from Parallax. A security vulnerability exists in jsPDF versions prior to 4.0.0, which stems from methods such as loadFile that allow the user to control paths, potentially leading to a local file inclusion or path traversal atta...
EUVD-2005-0036
Malware in sbrugna...
perl-YAML-LibYAML security update
1:0.70-2 - Use 3-arg form of open in LoadFile CVE-2025-40908...
perl-YAML-LibYAML security update
1:0.82-6.1 - Use 3-arg form of open in LoadFile CVE-2025-40908...
CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
Vulnerability in the svpn_html/loadfile.php component of the Sangfor NAF firewall tool that allows a hacker to disclose protected information
The vulnerability in the svpn_html/loadfile.php component of the Sangfor NAF firewall lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
CVE-2023-30804
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated...
Sangfor Next-Gen Application Firewall Security Vulnerabilities
Sangfor Next-Gen Application Firewall (Sangfor NGAF) is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17, which allows an authenticated attacker to read arbitrary system files using the svpn_html/loadfile.p...
CVE-2021-39856 Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile
Acrobat Reader DC ActiveX Control versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of thi...
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
Directory traversal
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
CVE-2017-5570
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band...
R4 1.25 Overflows / Directory Traversal
Luigi Auriemma. Application: R4 (http://r4.rabidhamster.org/R4/); Versions: = 1.25; Platforms: Windows; Bugs: A) stack overflow, B) heap overflow, C) directory traversal, D) screenshot stack overflow; Exploitation: remote; Date: 09 Feb 2012; Author: Luigi Auriemma; e-mail: [email protected]; web: aluigi.org 1...
UBUNTU-CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...
VulnCheck KEV: CVE-2006-6027
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control...
PT-2010-2754 · Tetradyne +1 · Tetradyne Activex +1
Name of the Vulnerable Software and Affected Versions: HP Operations Manager versions 7.5, 8.10, 8.16. Description: The issue is related to multiple stack-based buffer overflows in a certain Tetradyne ActiveX control. This could allow remote attackers to execute arbitrary code via a long string...
HP Operations Manager 8.16 - srcvw4.dll LoadFile()/SaveFile() Remote Unicode Stack Overflow (PoC)
HP Operations Manager 8.16 - srcvw4.dll LoadFile()/SaveFile() Remote Unicode Stack Overflow PoC...
Information disclosure
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party...