The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6.
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.
openSIS through 7.4 allows Directory Traversal.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Path Traversal. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5.
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.
BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check if existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and will no longer allow to determine whether the file exists or not.
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed allows Path Traversal. This issue affects Houzez Property Feed: from n/a through 2.5.4.
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module.
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path.
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths.
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp.
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce allows Path Traversal. This issue affects Easy Video Player Wordpress & WooCommerce: from n/a through 10.0.
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available.
Zoo 2.10 has Directory traversal
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device.
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exportar_dump.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.