12 matches found
Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
Summary: An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folderuuid URL parameter...
PT-2026-45036
Summary: An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...
EUVD-2025-200239
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which they have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'. For...
CVE-2021-37130
There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability arises because the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly valida...
Dust: UI flaw allows unauthorized users to add documents to restricted folders
The UI flaw allowed unauthorized users to add documents to restricted folders. The vulnerability constituted an Insecure Direct Object Reference (IDOR) issue, where users could manipulate the client-side behavior to perform actions they were not supposed to have access to, such as uploading documen...
CVE-2025-21197
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content...
PT-2024-34392 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.1.3.1 Description: The issue arises when retrieving information about access rights for a folder. TeamPass does not properly check whether a folder is in a user's allowed folders list that has been defined by an...
Dremio Security Breach
Dremio is a data-as-a-service platform from Dremio, Inc. that provides a fast, self-service approach to data analysis. A security vulnerability exists in Dremio versions prior to 24.3.1, which stems from allowing path traversal, where authenticated users who do not have permissions to certain...
New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History
A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the...
EMC Documentum Content Server Information Disclosure (ESA-2014-026)
The remote host is running a version of EMC Documentum Content Server that is affected by an information disclosure vulnerability due to improper authorization checks. A remote, authenticated user can exploit this vulnerability to read metadata from folders outside of restricted folders configure...
EMC Documentum Content Server information leakage
It's possible to access restricted folders...
CVE-2011-3225
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account...