17 matches found
CVE-2026-33513
The connected GHSA advisory documents an unauthenticated Local File Inclusion in AVideo via the API locale endpoint (plugin/API/get.json.php?APIName=locale). User input is concatenated into an include path without canonicalization or validation, allowing path traversal to arbitrary PHP files unde...
GHSA-8FW8-Q79C-FP9M AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)
Summary: An unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be included. In our test this yielded confirmed file disclosure and code execution o...
CVE-2021-22785
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...
AndSoft e-TMS Path Traversal Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...
EUVD-2015-4068
Malware in sbrugna...
AndSoft e-TMS Path Traversal Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...
PT-2024-34013 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: The issue allows for an unauthenticated Path Traversal, enabling the reading of any file from the application's web-root directory. This is due to a vulnerability in the...
CVE-2022-24248
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root along with any other file on the server that the PHP process user has the prope...
Schneider Electric Multiple Products Information Disclosure Vulnerability
Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. Schneider Electric Modicon M340 is a medium-range programmable logic controller (PLC) for industrial processes and infrastructure. An information...
SuiteCRM Code Issue Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM versions prior to 7.11.19 contain a security vulnerability that allows remote code execution via the log file name in the system settings. An attacker can exploit the vulnerability...
F5 BIG-IP Path Traversal Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG-IP TMUI Unauthorized Access vulnerability can be exploited by an authenticated attacker by sending a crafted reque...
TeamPass Injection Vulnerability
TeamPass is an open source password manager developed by Nils Laumaillé. A security vulnerability exists in TeamPass version 2.1.27.36. An attacker can exploit this vulnerability to retrieve files including backup files or LDAP debug files in the TeamPass web root directory...
MiniCMS Information Disclosure Vulnerability (CNVD-2018-08993)
MiniCMS is a mini content management system (CMS) designed for personal websites. An information disclosure vulnerability exists in the mc-admin/post.php file in MiniCMS version 1.10. A remote attacker can exploit this vulnerability to view all files located in the web root path...
F5 BIG-IP Directory Traversal Vulnerability
F5 BIG-IP products provide organizations with integrated application delivery services such as acceleration, security, access control and high availability. A directory traversal vulnerability exists in the configuration program of F5 BIG-IP versions prior to 12.0.0, Enterprise Manager versions...
PT-2015-6396
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 12.0.0; Enterprise Manager versions 3.0.0 through 3.1.1. Description: A directory traversal issue exists in the configuration utility, allowing remote authenticated users to access arbitrary files in the web root...
Directory traversal
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262...