24 matches found
aiohttp code issue vulnerability
aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of aiohttp prior to 3.13.4 contained code vulnerabilities; these vulnerabilities stemmed from the possibility that static resource handlers on Windows...
EUVD-2012-6362
Malware in sbrugna...
EUVD-2008-0791
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2005-3622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries...
CVE-2018-12632
The CVE affects Redatam7 (formerly Redatam WebServer). Affected component: the rpwebutilities.exe/text endpoint, where an invalid LFN parameter enables remote attackers to discover the installation path, indicating a path-disclosure/directory-traversal type exposure. No exploit details or remedia...
CVE-2018-6526
viewallbugpage.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filterensurevalidfilter call in currentuserapi.php...
CVE-2014-8491
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/bannerwidgetdefault/gallery.php or (2) flash-album-gallery/skins/bannerwidgetdefault/gallery.php...
CVE-2015-2209
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php...
CVE-2014-9177
The CVE-2014-9177 entry concerns the WordPress plugin “HTML5 MP3 Player with Playlist Free” (before version 2.7). The vulnerability is a path-disclosure flaw where an attacker can obtain the WordPress installation path via a request to html5plus/playlist.php. Impact is limited to information disc...
CVE-2014-5107
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/filestoragelocations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/filetypes.php, (7)...
Better Basket Pro 3.0 Store Builder Remote Path Disclosure Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/8386/info. It has been reported that Better Basket Pro (BBPro) Store Builder may reveal path information under some circumstances. This may result in a directed attack against system resources...
CVE-2013-7060
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope...
CVE-2012-3838
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php...
CVE-2008-2723
CVE-2008-2723 affects embed.php in Menalto Gallery (pre-2.2.5). Remote attackers can obtain the full server path via unknown vectors related to spoofing the remote address, exposing server file paths and potentially aiding further exploitation. The CVSS2 base score is 5.0 (Medium) with partial co...
CVE-2006-0794
help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2005-3689
post.php in XMB 1.9.2 allows remote attackers to obtain the installation path via an invalid fid parameter in a newthread action...
CVE-2005-0443
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message...
Working Resources BadBlue Server 2.40 - PHPtest.php Full Path Disclosure
Source: https://www.securityfocus.com/bid/9737/info. It has been reported that BadBlue Server may be prone to a remote path disclosure vulnerability that may allow an attacker to disclose the installation path by issuing a...
CVE-2002-1990
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet...
DEBIAN-CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script child process cannot be invoked...