20 matches found
CVE-2026-7819
CVE-2026-7819 describes a symbolic-link path traversal in pgAdmin 4 File Manager. The vulnerability arises because check_access_permission used os.path.abspath (resolving ..) but not symbolic links, allowing an authenticated user to plant a symlink within their storage directory that points elsew...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
PT-2026-26394
Impact: The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file (for example, AGENTS.md) could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...
UNIX Symbolic Link (Symlink) Following
Overview: @backstage/backend-plugin-api is a Core API used by Backstage backend plugins. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following in the resolveSafeChildPath function, which relies on resolveRealPath. An attacker can access sensitive files outside the...
EUVD-2000-0551
Malware in sbrugna...
EUVD-2018-5236
Malware in sbrugna...
Domhttpx - A Google Search Engine Dorker With HTTP Toolkit Built With Python, Can Make It Easier For You To Find Many URLs/IPs At Once With Fast Time
domhttpx is a Google search engine dorker with an HTTP toolkit, built with Python, that makes it easier to find many URLs/IPs at once in a short time. Usage Flags This will display help for the tool. Here are all the switches it supports. Flag | Description | Example ---|---|--- -ip, --only-ip |...
CVE-2018-13288
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...
CVE-2018-13289
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folderpath or (2) realpath parameter...
Piwigo 2.4.6 Full Path Disclosure Vulnerability
Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the Piwigo installation. Exploit Title: Piwigo 2.4.6 Full Path Disclosure Vulnerability. Date: 01/12/2013. Exploit Author: [email protected] - http://la.usch.io -...
PT-2007-2304 · Gnopaste · Gnopaste
Name of the Vulnerable Software and Affected Versions: gnopaste versions 0.5.3 and earlier. Description: The issue allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter in the index.php file. However, it is noted that GNP_REAL_PATH is a constant, not a variable, whi...
PT-2006-6178 · Hinton Design · Phpht Topsites
Name of the Vulnerable Software and Affected Versions: Hinton Design phpht Topsites (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to certain scripts, including (1) 'index.php', (2) other scripts ...
PHPht-rfi.txt
BiyoSecurity.Org & SecurityWall.Org Scripts: PHPht Topsites Remote File İnclude Download: http://www.linkini.net/phpscripts/descargas/Top%20Sites%208%20Archivos/PHPht%20Topsites.zip Greetz : Liz0zim , RMx , TRIP , DreamLord Regards : KorsaN Vulnerable file : All Files := vulnerable code :...
Two security flaws in Bajie Webserver
More junk brought to you by the MDMA Crew www.mdma.za.net Two security flaws in the Bajie Webserver Bajie is a freeware HTTP daemon written in Java and available from TuCows. We found two vulnerabilities in it... The sample Java servlet at /servlet/test/pathInfo/test gives away a real path eg...
CVE-2000-0554
Ceilidh (the affected product) is vulnerable to a remote path disclosure vulnerability where an attacker can obtain the real filesystem path of the Ceilidh directory via the translated_path hidden form field. The CVE description and linked records indicate the vulnerability is exploitable over th...
CVE-2000-0554
Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field...
CVE-1999-0450
CVE-1999-0450 describes an information disclosure vulnerability in Microsoft IIS where an attacker can determine the real/physical path of a virtual directory by requesting a non-existent URL that would be interpreted by perl.exe. The underlying issue is a path disclosure in IIS tied to Perl hand...
EUVD-1999-0450
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe)...