27 matches found
Small Http Server Path Traversal Vulnerability
Small Http Server is a small HTTP server developed by Max Feoktistov. Version 3.06.36 of Small Http Server contains a path traversal vulnerability. This vulnerability stems from an authenticated path traversal exploit, which could allow remote users to bypass SecurityManager’s restrictions and...
CVE-2023-53944
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read syst...
EUVD-2025-10974
Malicious code in bioql PyPI...
EUVD-2023-54446
Malicious code in bioql PyPI...
EUVD-2022-2445
Malicious code in bioql PyPI...
EUVD-2022-2211
Malicious code in bioql PyPI...
EUVD-2022-2350
Malicious code in bioql PyPI...
CVE-2025-32103
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions...
PT-2025-16194 · Crushftp · Crushftp
Name of the Vulnerable Software and Affected Versions: CrushFTP versions 9.x through 11.3.1 Description: The issue allows directory traversal via the "/WebInterface/function/" URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions. An attacker can send...
CVE-2024-11215
Absolute path traversal incorrect restriction of a path to a restricted directory vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file stored on the server by setting only...
CVE-2023-4593
CVE-2023-4593 describes a path traversal vulnerability in BVRP Software SLmail. An authenticated remote user could bypass restrictions and enumerate files/directories outside the web root by manipulating the dodoc parameter in the /MailAdmin_dll.htm (MailAdmin dll.htm) entry, potentially exposing...
GHSA-3MJP-P938-4329 Apache Tomcat vulnerable to SecurityManager bypass
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
CVE-2016-6796
CVE-2016-6796 affects Apache Tomcat across multiple lines: a malicious web application could bypass the SecurityManager by manipulating the configuration parameters for the JSP Servlet. Affected versions include Tomcat 9.0.0.M1–9.0.0.M9, 8.5.0–8.5.4, 8.0.0.RC1–8.0.36, 7.0.0–7.0.70, and 6.0.0–6.0....
tomcat: system property disclosure
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible...
DLA-729-1 tomcat7 - security update
Bulletin has no description...
Debian DSA-3720-1 : tomcat8 - security update
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...
[SECURITY] [DSA 3721-1] tomcat7 security update
Debian Security Advisory DSA-3721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3720-1] tomcat8 security update
Debian Security Advisory DSA-3720-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 21, 2016 https://www.debian.org/security/faq -...
DSA-3720-1 tomcat8 - security update
Bulletin has no description...