Ulterius Server < 1.9.5.0 - Directory Traversal
Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...
CVE-2025-71282
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2026-3339
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the kbdopenuploaddir AJAX action. This is due to insufficient validation of the kbdpath parameter, which is only sanitized with sanitize_text_field - a function that do...
CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-2019-16064
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory...
EUVD-2026-0709
A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The...
CVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
EUVD-2025-204580
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
CVE-2025-68430
CVE-2025-68430 affects CVAT, an open source video/image annotation tool. Versions 2.8.1 through 2.52.0 permit an account-bearing attacker on a CVAT instance to retrieve the names of files and subdirectories in any file system directory accessible to the CVAT server; contents of files are not expo...
EUVD-2020-1277
Malware in sbrugna...
EUVD-2020-0631
Malware in sbrugna...
EUVD-2018-0223
Malware in sbrugna...
EUVD-2018-0295
Malware in sbrugna...
EUVD-2019-6926
Malware in sbrugna...
EUVD-2022-49074
Malicious code in bioql PyPI...
EUVD-2021-28118
Malicious code in bioql PyPI...
EUVD-2021-31079
Malicious code in bioql PyPI...
GHSA-3R3J-4VRW-884J files-bucket-server vulnerable to Directory Traversal
All versions of the package files-bucket-server are vulnerable to Directory Traversal, where an attacker can traverse the file system and access files outside of the intended directory...