78 matches found
GHSA-6RC6-P838-686F WWBN AVideo has a Path Traversal in Locale Save Endpoint Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
Summary: The locale save endpoint locale/save.php constructs a file path by directly concatenating $_POST['flag'] into the path at line 30 without any sanitization. The $_POST['code'] parameter is then written verbatim to that path via fwrite at line 40. An admin attacker or any user who can CSRF an...
CVE-2026-29098
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the action_exportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...
CVE-2026-29098
The CVE-2026-29098 issue affects SuiteCRM (open-source CRM) in both major branches 7 and 8. The root cause is improper neutralization of path traversal sequences in action_exportCustom (modules/ModuleBuilder/controller.php) parameters $modules and $name, which flow to exportCustom (modules/Module...
CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...
CVE-2021-47751
CVE-2021-47751 affects CuteEditor for PHP (Rich Text Editor) version 6.6. The vulnerability is a directory traversal in the browse template feature that enables writing files to arbitrary web root directories by abusing ServerMapPath() to rename uploaded HTML files with traversal sequences, outsi...
Vivotek IP7137 Path Traversal Vulnerability
The Vivotek IP7137 is an IP camera from China's Vivotek Communications (Vivotek). A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...
CVE-2025-67487
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
EUVD-2025-198992
Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...
CVE-2016-15056
The CVE affects Ubee EVW3226 cable modem/router firmware up to 1.0.20. A configuration backup file (Configuration_file.cfg) is stored in the web root after generation and remains accessible without authentication until the next reboot, enabling a local-network attacker to retrieve the backup arch...
PT-2025-47014
Name of the Vulnerable Software and Affected Versions: Ubee EVW3226 versions up to and including 1.0.20. Description: The Ubee EVW3226 cable modem/router firmware stores configuration backup files in the web root after they are generated for download. These files remain accessible without...
EUVD-2005-1660
Malware in sbrugna...
EUVD-2015-9402
Malware in sbrugna...
EUVD-2001-0263
Malware in sbrugna...
EUVD-2005-3163
Malware in sbrugna...
EUVD-2007-0083
Malware in sbrugna...
EUVD-2008-7039
Malware in sbrugna...
EUVD-2008-6831
Malware in sbrugna...
CVE-2025-59744
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”...
CVE-2025-59744
AndSoft e-TMS v25.03 suffers a path traversal in the docurl parameter of /lib/asp/DOCSAVEASASP.ASP, due to insufficient filtering of path elements. This allows access to files within the web root. Documented in multiple sources (NVD/CNVD/CNNVD) with no explicit remediation details provided in the...