14 matches found
CVE-2020-37086 Easy Transfer 1.7 for iOS - Directory Traversal
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...
CVE-2020-7953
An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files e.g., /etc/passwd due to the use of the nmap -iL aka input file option...
N8n < 1.121.0 Remote Code Execution (Ni8mare)
According to its banner, the version of n8n running on the remote host is before 1.121.0. It is, therefore, affected by an unauthentcated file access vulnerability which can leads to remote code execution. Note that the scanner has not tested for these issues but has instead relied only on the...
CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system...
CVE-2025-52551
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2024-45309
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...
PT-2024-31802 · Aiphone · Aiphone Ixg System
Name of the Vulnerable Software and Affected Versions: AIPHONE IX SYSTEM affected versions not specified AIPHONE IXG SYSTEM affected versions not specified System Support Software affected versions not specified Description: A use of hard-coded cryptographic key issue exists, allowing a...
Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities exist in IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000. Vulnerability Details CVEID: CVE-2018-1433 DESCRIPTION: IBM SAN Volume Controller, IBM...
Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access
The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...
Design/Logic Flaw
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
Novell eDirectory eMBox Unauthenticated File Access
This module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GETDN, READLOGS, LISTSERVICES, STOPSERVICE, STARTSERVICE, SETLOGFILE. This module requires Metasploit: https://metasploit.com/download Current source:...