Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Path traversal using symlink in npm harp module versions <= 0.29.0.
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value.
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request.
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI.
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java.
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI.
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650.
Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.