Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.
Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php.
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.
Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php.
Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to module/admin/files/show_file.php and the (2) path parameter to module/admin/files/show_source.php.
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
Directory traversal vulnerability in team.rc5-72.php in DNET Live-Stats 0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the showlang parameter.
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.
All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot.
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of the component IIS-K3CloudMiniApp. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor recommends as a short-term measure to "[t]emporarily disable external network access to the Kingdee Cloud Galaxy Retail System or set up an IP whitelist for access control." The long-term remediation will be: "Install the security patch provided by the Starry Sky system, with the specific solutions being: i) Adding authentication to the vulnerable CMKAppWebHandler.ashx interface; ii) Removing the file reading function."
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.