360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring.
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.
Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php.
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.