7 matches found
CVE-2026-53906
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...
CVE-2024-25533
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...
CVE-2020-20739
CVE-2020-20739 affects VIPS (libvips) where im_vips2dz in libvips/deprecated/im_vips2dz.c uses an uninitialized variable, potentially leaking a remote server path or stack address. Multiple advisories reference VIPS and CVE-2020-20739 in the context of the upstream library and vendor updates. Deb...
Input validation
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...
PYSEC-2018-112
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...
Path traversal
ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid 1 article or 2 print parameters in a kb action to index.php, or 3 an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...
CVE-2006-1488
ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid 1 article or 2 print parameters in a kb action to index.php, or 3 an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...