FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission.
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors.
yard before 0.9.20 allows path traversal.
Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter.
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL.
files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence.
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server.
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
Directory traversal vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to read arbitrary files via unspecified vectors.
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types.
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and earlier allow remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class
Multiple directory traversal vulnerabilities in view.php in Webboard 2.90 beta and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.
An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
Absolute path traversal vulnerability in forcedownload.php in Gravy Media Photo Host 1.0.8 allows remote attackers to read arbitrary files via an encoded "/" (slash) in the file parameter.
Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 lite allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter during a download action, a different vector than CVE-2008-3087. NOTE: some of these details are obtained from third party information.
Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a .. (dot dot) in the doc_url parameter to main/exercice/Hpdownload.php.
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter.
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Suggest contacting with QSAN and refer to recommendations in QSAN Document.