1368 matches found

CVE
added 2026/02/12 10:48 p.m. | 9 views

CVE-2019-25333

CVE-2019-25333 affects Bullwark Momentum Series JAWS 1.0. The issue is a directory traversal vulnerability where unauthenticated attackers can read sensitive files by manipulating HTTP request paths with multiple “../” sequences, potentially reading files such as “/etc/passwd” outside the web roo...

CVSS 8.7 | AI score 5.5 | EPSS 0.00641
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/30 3:24 a.m. | 5 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVSS 10 | AI score 6.7 | EPSS 0.03008
Exploits: 3 | References: 1

Vulnrichment
added 2026/01/28 10:24 p.m. | 4 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVSS 10 | AI score 6.7 | EPSS 0.03008
Exploits: 3 | References: 3

ATTACKERKB
added 2026/01/28 10:24 p.m. | 4 views

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVSS 10 | AI score 6.7 | EPSS 0.03008
Exploits: 3 | References: 4 | Affected Software: 1

OSV
added 2026/01/28 10:24 p.m. | 5 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVSS 10 | AI score 6.7 | EPSS 0.03008
Exploits: 3 | References: 5

RedhatCVE
added 2026/01/14 11:19 p.m. | 5 views

CVE-2021-47751

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

CVSS 7.5 | AI score 6.9 | EPSS 0.00715
Exploits: 1 | References: 1

OSV
added 2026/01/13 11:15 p.m. | 1 views

CVE-2021-47751

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

CVSS 7.5 | AI score 5.9 | EPSS 0.00715
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/13 10:51 p.m. | 3 views

CVE-2021-47751 CuteEditor for PHP 6.6 - Directory Traversal

CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...

CVSS 7.5 | AI score 5.6 | EPSS 0.00715
Exploits: 1 | References: 3

CVE
added 2026/01/13 10:51 p.m. | 9 views

CVE-2021-47751

CVE-2021-47751 affects CuteEditor for PHP (Rich Text Editor) version 6.6. The vulnerability is a directory traversal in the browse template feature that enables writing files to arbitrary web root directories by abusing ServerMapPath() to rename uploaded HTML files with traversal sequences, outsi...

CVSS 7.5 | AI score 6.6 | EPSS 0.00715
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2360

Name of the Vulnerable Software and Affected Versions: CuteEditor for PHP (now referred to as Rich Text Editor) version 6.6
Description: The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiti...

CVSS 7.5 | AI score 6.6 | EPSS 0.00715
Exploits: 1 | References: 7

RedhatCVE
added 2026/01/09 11:22 a.m. | 14 views

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

CVSS 7.5 | AI score 6.6 | EPSS 0.01082
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:10 a.m. | 6 views

CVE-2019-11879

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a probl...

CVSS 5.5 | AI score 6.8 | EPSS 0.00549
Exploits: 0 | References: 1

CNNVD
added 2026/01/09 12:0 a.m. | 6 views

Vivotek IP7137 Path Traversal Vulnerability

The Vivotek IP7137 is an IP camera from China's Vivotek Communications (Vivotek). A path traversal vulnerability exists in the Vivotek IP7137 version 0200a, which can be exploited by an authenticated attacker to access resources outside of the web root directory via a direct HTTP request, potential...

CVSS 8.7 | AI score 6.4 | EPSS 0.0071
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:40 a.m. | 7 views

CVE-1999-0882

Falcon web server allows remote attackers to determine the absolute path of the web root via long file names...

CVSS 5 | AI score 7.1 | EPSS 0.01897
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/22 7:21 a.m. | 15 views

CVE-2023-53956

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

CVSS 8.8 | AI score 8.2 | EPSS 0.00663
Exploits: 0 | References: 1

EUVD
added 2025/12/19 9:5 p.m. | 4 views

EUVD-2025-204594

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

CVSS 8.8 | AI score 7.8 | EPSS 0.00663
Exploits: 0 | References: 4

CVE
added 2025/12/19 9:5 p.m. | 8 views

CVE-2023-53956

Flatnux 2021-03.25 is affected by an authenticated file upload vulnerability in the file manager that allows an admin with credentials to upload arbitrary PHP files to the web root, enabling remote code execution on the server. Public reference shows an exploit exists (exploits/51295). Root cause...

CVSS 8.8 | AI score 7.9 | EPSS 0.00663
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/19 9:5 p.m. | 5 views

CVE-2023-53956 Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

CVSS 8.8 | AI score 7.9 | EPSS 0.00663
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2025-52526

Name of the Vulnerable Software and Affected Versions: Flatnux version 2021-03.25
Description: The software contains an authenticated file upload issue that permits administrative users to upload arbitrary PHP files via the file manager. An attacker with administrative access can upload malicious P...

CVSS 8.8 | AI score 8 | EPSS 0.00663
Exploits: 0 | References: 9

RedhatCVE
added 2025/12/10 4:32 a.m. | 5 views

CVE-2025-67487

Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...

CVSS 8.6 | AI score 6.8 | EPSS 0.00349
Exploits: 0 | References: 1