12 matches found
CVE-2026-8364
Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...
CVE-2016-20029
ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...
Linux Distros Unpatched Vulnerability : CVE-2025-49125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
DEBIAN-CVE-2022-31744
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...
Huawei HarmonyOS 路径遍历漏洞
Huawei HarmonyOS is an operating system from Huawei China Inc. A path traversal vulnerability exists in Huawei HarmonyOS, which stems from the failure of the number identification module to properly filter special elements in the path of a resource or file. An attacker could exploit this...
AutomatedQuizEval path traversal vulnerability
AutomatedQuizEval, an automated quiz evaluation system from the personal developer Sravani Boinepelli, suffers from a path traversal vulnerability that stems from the failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be exploited by...
GHSA-6QR6-X7JM-X2Q6 Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...
ChronoEngine ChronoForms Path Traversal Vulnerability
ChronoEngine ChronoForms is ChronoEngine company an easy to use and flexible Joomla form builder . A path traversal vulnerability exists in ChronoEngine ChronoForms that stems from the product failing to properly filter for special elements in the path of a resource or file. An attacker could use...
The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to exploit the protected information.
The vulnerability of Eclipse Jetty servlet containers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information by specifying the full path to the base resources in Windows...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
Microsoft ASP.NET Resource Paths Canonicalization (MS05-004; CVE-2004-0847)
The .NET framework is a windows framework for building and running software. The framework supports a variety of programming languages. A component of this framework is ASP.NET which allows for the development of dynamic Web applications in different programming languages. A vulnerability exists ...