CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

CVE-2025-34442

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...

📄 Drupal 11.x-dev Information Disclosure

Proof of concept script demonstrating a full path disclosure issue in Drupal version 11.x-dev. ============================================================================================================================================= | Title : Drupal 11.x-dev full Information Disclosure | |...

EUVD-2001-0917

Malware in sbrugna...

EUVD-2005-0608

Malware in sbrugna...

EUVD-2006-1681

Malware in sbrugna...

EUVD-2018-0567

Malware in sbrugna...

Autodesk: Exposing debug.log file leads to server full path disclosure

Vulnerability description not provided...

CVE-2024-42680

An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark...

PT-2024-30106 · Unknown · Super Easy Enterprise Management System

Name of the Vulnerable Software and Affected Versions: Super easy enterprise management system versions 1.0.0 and earlier Description: An issue in the system allows a local attacker to obtain the server absolute path by entering a single quotation mark. This can be exploited to gain sensitive...

Path Traversal

typo3/cms is vulnerable to Path Traversal. The vulnerability is caused due to a missing path validation while accessing the PHP scripts for testing purposes. This can lead to disclosure of the absolute server path to the TYPO3 installation...

Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by various security vulnerabilities (CVE-2015-1984, CVE-2015-1968, CVE-2015-1982, CVE-2015-1980)

Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation, Cross-Site Scripting, Server Path Disclosure and Click-Jacking vulnerabilities. Vulnerability Details CVEID: CVE-2015-1984 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborativ...

CVE-2018-2467

In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server...

wordpress_fullpathdisclosure

This plugin try to find the path in the server where WordPress is installed. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the...

Google, Paypal, Facebook Internal IP disclosure vulnerability

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.. , can really Impact ? Most security...

Google, Paypal, Facebook Internal IP disclosure vulnerability

Do you have any idea about an Internal IP Address or a Private IP Address that too assigned for Multinational Companies? Yeah, today we are gonna discuss about Internal IP or Private IP address Disclosure. Disclosure of an Internal IP like 192.168.. or 172.16.. , can really Impact ? Most security...

PR09-02 Multiple Cross-Site Scripting (XSS) / Cross Domain redirects and Server path information disclosure on SAP BusinessObjects version 12

Hi, We have found that SAP BusinessObjects version 12 is vulnerable to Multiple Cross-Site Scripting XSS, Cross Domain redirects and Server path information disclosure with the following consecuences: -An attacker may be able to cause execution of malicious scripting code in the browser of a vict...

DEBIAN-CVE-2006-6943

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to a scripts/checklang.php and b themes/darkblueorange/layout.inc.php; and via the 1 lang, 2 target, 3 db, 4 goto, 5 table, and 6 tblgroup array arguments to c index.php, and the 7 back argument t...

CVE-2006-6943

PhpMyAdmin prior to 2.9.1.1 is affected by a path-disclosure vulnerability. Remote attackers can obtain the full server path by making direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php, as well as by supplying any of the following arguments to index.php: ...

Design/Logic Flaw

MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php...