CVE-2018-5755
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet...
Path traversal
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet...
Schools Alert Management Script Absolute Path Traversal Vulnerability
Schools Alert Management Script is a set of school management system scripts. An absolute path traversal vulnerability exists in PHP Scripts Mall Schools Alert Management Script. The vulnerability can be exploited to read arbitrary files via the f parameter in img.php...
Path traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...
CVE-2018-12054
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...
CVE-2014-2069
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx...
Information Disclosure
github.com/golang/tools is vulnerable to information disclosure. The vulnerability exists as the absolute path can be found on the 404 page, exposing sensitive information to the users...
CVE-2018-9010
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password...
CVE-2018-9010
Intelbras TELEFONE IP TIP200/200 LITE (firmware 60.0.75.29) is affected by an absolute path traversal via the /cgi-bin/cgiServer.exx parameter, allowing remote authenticated admins to read arbitrary files. Some entries note possible authentication via a default admin password. No remediation deta...
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php, aka absolute path traversal...
Path traversal
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php, aka absolute path traversal...
CVE-2018-7422
CVE-2018-7422 : WordPress Site Editor plugin (
DLL Hijacking Vulnerability in INVT Studio
INVT Studio is a configuration software used to configure and monitor INVT drives. A DLL hijacking vulnerability exists in INVT Studio due to a failure to specify an absolute path for a DLL contained in an INVT Studio application, which allows an attacker to build a malicious application, place i...
eFront CMS 3.6.15.4 Multiple Vulnerabilities
eFront CMS is prone to multiple vulnerabilities. Info: There is an EOL detection for this produ...
[SECURITY] [DLA 1239-1] poco security update
Package : poco Version : 1.3.6p1-4+deb7u1 CVE ID : CVE-2017-1000472...
Path traversal
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
DEBIAN-CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...
CVE-2017-1000472
The ZipCommon::isValidPath function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary...