19 matches found

OSV
added 2026/05/19 3:55 p.m. | 9 views

GHSA-2VX9-7WPG-88JQ n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...

6.4 CVSS | 5.9 AI score
Exploits: 0 | References: 2
NVD
added 2026/03/17 6:16 p.m. | 4 views

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

9.1 CVSS | 0.00969 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/17 6:2 p.m. | 4 views

CVE-2026-25770 Wazuh has Privilege Escalation to Root via Cluster Protocol File Write

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

9.1 CVSS | 6 AI score | 0.00969 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/03/17 6:2 p.m. | 22 views

CVE-2026-25770 Wazuh has Privilege Escalation to Root via Cluster Protocol File Write

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

9.1 CVSS | 0.00969 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/17 6:2 p.m. | 37 views

CVE-2026-25770

Affected software: Wazuh Manager (cluster synchronization protocol). Vulnerability details: In versions 3.9.0 up to just before 4.14.3, authenticated nodes can abuse the cluster protocol to write arbitrary files on the manager filesystem as the wazuh user. The insecure permissions let the wazuh...

9.1 CVSS | 6 AI score | 0.00969 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/02/16 2:2 p.m. | 4 views

CVE-2026-2560

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can ...

6.5 CVSS | 5.4 AI score | 0.01398 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/02/16 12:0 a.m. | 5 views

kodbox Operating System Command Injection Vulnerability

Kodbox is a network file manager developed by the individual developer Warlee. Kodbox versions 1.64.05 and earlier have an operating system command injection vulnerability. The vulnerability stems from improper handling of the localFile parameter in the run function of the Media...

6.5 CVSS | 6.6 AI score | 0.01398 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 4:36 a.m. | 4 views

SUSE CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

8.3 CVSS | 9.3 AI score | 0.73927 EPSS
Exploits: 5 | References: 6
Kitploit
added 2021/08/02 12:30 p.m. | 225 views

PowerShellArmoury - A PowerShell Armoury For Security Guys And Girls

The PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their engagements. It allows you to download and store all of your favourite PowerShell scripts in a single, encrypted file. You do not have to hassle with...

7.3 AI score
Exploits: 0 | References: 4
BDU FSTEC
added 2019/02/07 12:0 a.m. | 2 views

The vulnerability in the implementation of Net::FTP commands in the Ruby programming language allows attackers to execute arbitrary commands.

The vulnerability of Net::FTP commands in the Ruby programming language is related to an input filtering error. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands when opening local files using Net::FTP#get, Net::FTP#getbinaryfile, Net::FTP#gettextfile, Net::FTP#put,...

9.3 CVSS | 7.5 AI score | 0.73927 EPSS
Exploits: 5 | References: 5 | Affected Software: 1
Veracode
added 2019/01/15 9:21 a.m. | 32 views

Arbitrary Command Execution

rh-ruby24-ruby is vulnerable to arbitrary command execution attacks. The vulnerability exists if the localfile argument starts with the "|" pipe character, which allows an attacker to execute arbitrary commands...

8.8 CVSS | 9.4 AI score | 0.73927 EPSS
Exploits: 5 | References: 16 | Affected Software: 4
ATTACKERKB
added 2017/12/15 9:29 a.m. | 1 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.3 CVSS | 5.7 AI score | 0.73927 EPSS
Exploits: 5 | References: 17
OSV
added 2017/12/15 9:29 a.m. | 3 views

ALPINE-CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

8.8 CVSS | 7.1 AI score | 0.73927 EPSS
Exploits: 5 | References: 1
OSV
added 2017/12/15 12:0 a.m. | 2 views

UBUNTU-CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

8.8 CVSS | 7.1 AI score | 0.73927 EPSS
Exploits: 5 | References: 6
Hacker One
added 2016/11/22 12:6 a.m. | 20 views

U.S. Dept Of Defense: Local File Inclusion vulnerability on an Army system allows downloading local files

A misconfigured Army website may have allowed unauthorized users to remotely download local files, potentially revealing sensitive system or user information. Nahamsec was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks Nahamsec!...

1.7 AI score
Exploits: 0
Tenable Nessus
added 2016/08/29 12:0 a.m. | 58 views

MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities

According to its version number, the MediaWiki application running on the remote web server is 1.23.x prior to 1.23.15, 1.26.x prior to 1.26.4, or 1.27.x prior to 1.27.1. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists in the...

7.5 CVSS | 7.3 AI score | 0.02133 EPSS
Exploits: 0 | References: 11
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
exploitpack
added 2006/10/03 12:0 a.m. | 24 views

Invision Gallery 2.0.7 - readfile() SQL Injection

Invision Gallery 2.0.7 - readfile SQL Injection. 2.0.7 ReadFile & SQL injection exploit. Uzage: ReadFile: - syntax: readfile 1 readfile 2 // try it if readfile1 failed ; - params: - path to local file ../file, for example:...

0.7 AI score
Exploits: 0
OSV
added 2005/01/10 5:0 a.m. | 1 views

DEBIAN-CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sqllocalfile parameter...

5 CVSS | 6.6 AI score | 0.01418 EPSS
Exploits: 0 | References: 1