Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
TVT NVMS-1000 devices allow GET /.. Directory Traversal
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.
Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
jqueryFileTree 2.1.5 and older Directory Traversal
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.