Lucene search

9 matches found

RedhatCVE
added 2026/06/05 7:50 p.m., 9 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

4.3 CVSS, 5.3 AI score, 0.00288 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/08/30 6:20 p.m., 6 views

CVE-2021-4459

An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...

6.5 CVSS, 6.8 AI score, 0.00617 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/08/20 12:0 a.m., 4 views

PT-2025-34112 · Undefined · Undefined

Sockso Music Host Server versions = 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...

8.7 CVSS, 7.2 AI score, 0.01165 EPSS
Exploits 0, References 7
OSV
added 2024/05/31 9:15 p.m., 2 views

UBUNTU-CVE-2024-34003

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

5.9 CVSS, 5.8 AI score, 0.00354 EPSS
Exploits 0, References 3
OSV
added 2023/11/09 8:15 p.m., 1 views

UBUNTU-CVE-2023-5550

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

9.8 CVSS, 6 AI score, 0.0137 EPSS
Exploits 0, References 2
CNNVD
added 2023/11/03 12:0 a.m., 2 views

Samba Security Vulnerabilities

Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba. An attacker could exploit this vulnerability to access files and directories stored outside of the web root folder...

9.8 CVSS, 6.7 AI score, 0.02409 EPSS
Exploits 1, References 9
CNVD
added 2020/11/16 12:0 a.m., 2 views

FlexDotnetCMS Access Control Error Vulnerability

FlexDotnetCMS is a flexible, easy to use and full-featured ASP.NET content management system (CMS). An access control error vulnerability exists in FileEditor in FlexDotnetCMS versions prior to 1.5.11. A remote authenticated attacker can exploit this vulnerability to read or write existing files...

8.1 CVSS, 6.8 AI score, 0.01745 EPSS
Exploits 1, References 1
Positive Technologies
added 2019/05/10 12:0 a.m., 6 views

PT-2019-12539 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: WEBrick gem version 1.4.2. Description: The issue allows directory traversal if an attacker had local access to create a symlink to a location outside of the web root directory. The vendor considers this analogous to Options FollowSymlinks in...

5.5 CVSS, 7 AI score, 0.00549 EPSS
Exploits 0, References 4
seebug.org
added 2014/07/01 12:0 a.m., 288 views

MinaliC Webserver 1.0 - Directory Traversal Vulnerability

No description provided by source.
Software: MinaliC Webserver 1.0
Vulnerability: Directory Traversal
Download: http://sourceforge.net/projects/minalic/
Release Date: 10/24/2010...

7.1 AI score
Exploits 0