5 matches found
EUVD-2023-46232
Malicious code in bioql PyPI...
CVE-2025-4798
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2021-42022
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package All versions V21.00 SP3. When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the...
Yaws Path Traversal Vulnerability
Yaws is a web server written in the Erlang language. A path traversal vulnerability in the handling of URLs in Yaws version 1.91, which stems from a failure of a network system or product to properly filter special elements in the path of a resource or file, can be exploited by an attacker to...
PT-2013-2482 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0 through 10 Description: The issue allows attackers to access restricted directories via unspecified vectors when a password is not configured. This has been exploited in the wild. Recommendations: For Adobe...