1368 matches found
CVE-2025-59744 Multiple vulnerabilities in AndSoft's e-TMS
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”...
CVE-2025-59744
AndSoft e-TMS v25.03 suffers a path traversal in the docurl parameter of /lib/asp/DOCSAVEASASP.ASP, due to insufficient filtering of path elements. This allows access to files within the web root. Documented in multiple sources (NVD/CNVD/CNNVD) with no explicit remediation details provided in the...
PT-2025-40364
Name of the Vulnerable Software and Affected Versions: AndSoft's e-TMS version 25.03 Description: A path traversal issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to access files within the web root. The issue is related to the docurl parameter in the...
AndSoft e-TMS Path Traversal Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...
Multiple Avepoint Products Code Issue Vulnerability
AvePoint DocAve and others are products of AvePoint, Inc. AvePoint DocAve is a document management platform. AvePoint Perimeter is a document sharing platform. AvePoint Compliance Guardian is a data governance platform. A code issue vulnerability exists in various Avepoint products that stems from n...
PT-2025-39630
Name of the Vulnerable Software and Affected Versions: DocAve versions prior to 6.13.2; Perimeter versions prior to 1.12.3; Compliance Guardian versions prior to 4.7.1 Description: The software contains an unrestricted file upload issue that affects administrator users. The issue allows the upload of...
CVE-2021-4459
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...
CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...
PT-2025-34841 · Sma Solar Technology · Sunny Boy
Name of the Vulnerable Software and Affected Versions: Sunny Boy affected versions not specified Description: An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected devices. Recommendations: A...
Linux Distros Unpatched Vulnerability : CVE-2025-24367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to...
SUSE SLES15 / openSUSE 15 Security Update : tomcat11 (SUSE-SU-2025:02979-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02979-1 advisory. Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations o...
CVE-2025-53120
CVE-2025-53120 concerns Securden Unified PAM. A path-traversal flaw in the unauthenticated file-upload feature lets an attacker craft arbitrary file names/paths to place binaries or scripts into the server’s configuration and web root directories, achieving remote code execution on the Unified PA...
CVE-2025-53120 Securden Unified PAM Path Traversal In File Upload
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server...
PT-2025-34677 · Unknown · Unified Pam
Name of the Vulnerable Software and Affected Versions: Unified PAM server affected versions not specified Description: A path traversal vulnerability exists in the unauthenticated upload functionality. This allows a malicious actor to upload binaries and scripts to the server’s configuration and...
CVE-2012-10061
Sockso Music Host Server versions = 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize...
CVE-2011-10009
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...
CVE-2011-10009 S40 CMS 0.4.2 Path Traversal
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...