CVE-2024-49366

Nginx UI (versions up to 2.0.0-beta.35) is affected by a directory-traversal vulnerability where the UI reads a value from a JSON field without verification, enabling payloads like ../../ to write arbitrary files on the server and potentially cause permission loss. A fix is available: upgrade to ...

py7zr 0.20.0 Directory Traversal Vulnerability

CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...

Navigate CMS 2.8.7 - Authenticated Directory Traversal

Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested o...

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...