50312 matches found
EUVD-2026-40908
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...
Koha 3.20.1 - Directory Traversal
Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the templatepath parameter to 1 svc/virtualshelves/search or 2 svc/members/search. id: CVE-2015-4632 info: name:...
Solara <1.35.1 - Local File Inclusion
A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
ManageEngine OpManager - Directory Traversal
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...
FileMage Gateway - Directory Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. id: CVE-2023-39026 info: name: FileMage Gateway - Directory Traversal author: DhiyaneshDk severity:...
Onkyo TX-NR585 Web Interface - Directory Traversal
Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...
Netsweeper 4.0.8 - Directory Traversal
A directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. dot dot in the log parameter in a stats action. id: CVE-2014-9609 info: name: Netsweeper...
Geddy <13.0.8 - Local File Inclusion
Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the PATHINFO to the default URI. id: CVE-2015-5688 info: name: Geddy 13.0.8 - Local File Inclusion author:...
Xibo 1.2.2/1.4.1 - Directory Traversal
A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php. id: CVE-2013-5979 info: name: Xibo 1.2.2/1.4.1 - Directory Traversal author: daffainfo severity:...
Joomla! Component Jfeedback 1.2 - Local File Inclusion
A directory traversal vulnerability in the Ternaria Informatica Jfeedback! comjfeedback component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1478 info: name:...
Joomla! Cmimarketplace 0.1 - Local File Inclusion
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because comcmimarketplace allows remote attackers to list arbitrary directories via a .. dot dot in the viewit parameter to index.php. id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainf...
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...
Joomla! Component Music Manager - Local File Inclusion
A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...
qdPM 9.2 - Directory Traversal
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...
Joomla! Component com_janews - Local File Inclusion
A directory traversal vulnerability in the JA News comjanews component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1219 info: name: Joomla! Component comjanews - Local File Inclusion author: daffainf...
Yearning - Directory Traversal
Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. id: CVE-2021-44138 info: name: Caucho Resin =4.0.52 =4.0.56 - Directory travers...
LG-Ericsson iPECS NMS 30M - Local File Inclusion
Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...