
124 matches found

GithubExploit
added 3 days ago · 41 views

JDWPEx

JDWP Remote Code Execution Exploit A Python 3 implement...

6.7 AI score
Exploits: 0

RedhatCVE
added 2026/03/27 5:9 p.m. · 5 views

CVE-2025-41368

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

8.7 CVSS · 6 AI score · 0.00017 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2026/03/26 11:37 a.m. · 2 views

CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

8.7 CVSS · 5.9 AI score · 0.00017 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/12/23 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-58052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group...

8.1 CVSS · 5.6 AI score · 0.00052 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/12/19 12:0 a.m. · 2 views

PT-2025-52454

Galette is a membership management web application for non profit organizations. Starting in version 1.1.4 and prior to version 1.2.0, a user who is logged in as group manager may bypass intended restrictions on Contributions and Transactions. Version 1.2.0 fixes the issue...

5.3 CVSS · 6.7 AI score · 0.00034 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-26697

Malicious code in bioql PyPI...

7.1 CVSS · 6.4 AI score · 0.00083 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-30795

Malicious code in bioql PyPI...

6.8 CVSS · 6.6 AI score · 0.00047 EPSS
Exploits: 1 · References: 4

RedhatCVE
added 2025/09/24 12:28 a.m. · 12 views

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

6.8 CVSS · 6.8 AI score · 0.00047 EPSS
Exploits: 1 · References: 1

OSV
added 2025/09/22 6:15 p.m. · 0 views

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

6.8 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/09/22 12:0 a.m. · 5 views

PT-2025-38759

Name of the Vulnerable Software and Affected Versions 2wcom IP-4c version 2.15.5 Description The 2wcom IP-4c device version 2.15.5 is subject to a Broken Access Control issue. Manager-level users can bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests...

6.8 CVSS · 6.5 AI score · 0.00047 EPSS
Exploits: 1 · References: 4

Cvelist
added 2025/09/22 12:0 a.m. · 4 views

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

0.00047 EPSS
Exploits: 1 · References: 2

CVE
added 2025/09/22 12:0 a.m. · 10 views

CVE-2025-57438

The CVE-2025-57438 entry concerns the 2wcom IP-4c device running firmware version 2.15.5 and describes a Broken Access Control flaw. The vulnerability allows a manager-level user to bypass intended access restrictions on sensitive endpoints by intercepting and modifying requests, potentially expo...

6.8 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/09/22 12:0 a.m. · 3 views

CVE-2025-57438

The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by intercepting and modifyi...

6.4 AI score · 0.00047 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/09/04 12:0 a.m. · 2 views

PT-2025-35906

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An authenticated Path Traversal vulnerability exists in the /apprain/common/download/ endpoint. This allows remote users to bypass SecurityManager restrictions and download arbitrary files if they posses...

7.1 CVSS · 6.5 AI score · 0.00083 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-5018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a...

9.1 CVSS · 6.3 AI score · 0.00936 EPSS
Exploits: 5 · References: 3

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-16833

Name of the Vulnerable Software and Affected Versions EasyPHP version 14.1 Description The issue is an absolute path traversal vulnerability, which could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server. This is achieved by setting consecutive...

6.5 CVSS · 7.1 AI score · 0.00148 EPSS
Exploits: 0 · References: 8

Tenable Nessus
added 2024/04/27 12:0 a.m. · 32 views

RHEL 5 : java-1.4.2-ibm-sap (RHSA-2011:0870)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0870 advisory. - JDK unspecified vulnerability in Deployment component CVE-2010-4447, CVE-2010-4466, CVE-2010-4475 - OpenJDK DNS cache poisoning by untrust...

10 CVSS · 8.3 AI score · 0.07413 EPSS
Exploits: 1 · References: 21

GithubExploit
added 2024/02/29 8:57 a.m. · 804 views

Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr

Apache-Solr-RCECVE-2023-50386POC Apache Solr Backup/Restor...

8.8 CVSS · 7.3 AI score · 0.86843 EPSS
Exploits: 4

OSV
added 2023/11/23 1:15 p.m. · 1 view

CVE-2023-4593

Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmindll.htm file...

6.5 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/11/23 12:0 a.m. · 1 view

PT-2023-29767 · Bvrp +1 · Slmail

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is a path traversal vulnerability that could allow an authenticated remote user to bypass SecurityManager's intended restrictions. This can be...

6.5 CVSS · 6.3 AI score · 0.00034 EPSS
Exploits: 0 · References: 3