Lucene search
K

7 matches found

NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

8.2CVSS0.00339EPSS
Exploits0References2
OSV
OSV
added 2024/05/08 5:15 p.m.3 views

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

9.4CVSS6AI score0.0072EPSS
Exploits1References1
CVE
CVE
added 2020/11/20 6:16 p.m.112 views

CVE-2020-20739

CVE-2020-20739 affects VIPS (libvips) where im_vips2dz in libvips/deprecated/im_vips2dz.c uses an uninitialized variable, potentially leaking a remote server path or stack address. Multiple advisories reference VIPS and CVE-2020-20739 in the context of the upstream library and vendor updates. Deb...

5.3CVSS5.3AI score0.0198EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2018/03/13 3:29 p.m.18 views

Input validation

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

5CVSS5.3AI score0.01279EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2018/03/13 3:29 p.m.9 views

PYSEC-2018-112

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

5.3CVSS6.9AI score0.01279EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2006/03/29 2:2 a.m.12 views

Path traversal

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid 1 article or 2 print parameters in a kb action to index.php, or 3 an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...

5CVSS7.1AI score0.01532EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/03/29 2:2 a.m.19 views

CVE-2006-1488

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid 1 article or 2 print parameters in a kb action to index.php, or 3 an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message...

5CVSS6.6AI score0.01532EPSS
Exploits0References6
Rows per page
Query Builder