2042 matches found
CVE-2017-11440
CVE-2017-11440: In Sitecore 8.2, there is an absolute path traversal vulnerability via the fi parameter in shell/Applications/Layouts/IDE.aspx and the Reference parameter in admin/LinqScratchPad.aspx, enabling an attacker to disclose local files. Multiple connected sources (NVD, CNVD, PrioN/CVEs...
(0Day) Schneider Electric U.motion Builder sendmail email_attachment Parameter Absolute Path Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to extract arbitrary files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of sendmail.php. The applet allows callers to select...
CVE-2017-8841
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmwareprocess.cgi via the upfile.path parameter...
NIUSHOP open source mall system with arbitrary file deletion vulnerability
NiuShop open source mall system is a PHP open source e-commerce system independently designed and developed by Shanxi Niu Cool Information Technology Co., Ltd. The latest version of the NIUSHOP open source mall system has an arbitrary file deletion vulnerability...
CVE-2017-7494
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. Recent assessments: bwatters-r7 at April 14, 2020 4:47p...
CVE-2017-5966
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...
Path traversal
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...
CVE-2017-5966
CVE-2017-5966 affects Sitecore CRM 8.1 Rev 151207. The vulnerability is an absolute path traversal in sitecore/shell/download.aspx (parameter: file) that allows remote authenticated administrators to read arbitrary files. Root cause is improper validation of the file parameter in the download end...
CVE-2015-5469
CVE-2015-5469 affects the WordPress MDC YouTube Downloader plugin (v2.1.0). The vulnerability is a Local File Inclusion via the file parameter to includes/download.php, enabling an attacker to read arbitrary server files through an absolute path. Impact described in sources includes potential exp...
CVE-2015-5609
The CVE-2015-5609 entry describes an absolute path traversal in the WordPress Image Export plugin 1.1, allowing remote attackers to read and delete arbitrary files via a full pathname passed to download.php. Affected component is the WordPress Image Export plugin (version 1.1); root cause is a pa...
CVE-2017-7433
An absolute path traversal vulnerability CWE-36 in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication...
Path traversal
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories...
CVE-2017-7929
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories...
CVE-2017-7929
CVE-2017-7929 is an Absolute Path Traversal vulnerability in Advantech WebAccess (versions 8.1 and earlier). The issue allows an attacker to traverse the file system and access restricted files or directories via network-accessible input, due to insufficient input filtering in the WebAccess web i...
Advantech WebAccess
CVSS v3 7.1. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech. Equipment: WebAccess. Vulnerability: Absolute Path Traversal. AFFECTED PRODUCTS: The following WebAccess versions are affected: WebAccess Version 8.1 and prior. IMPACT: Successful exploitation of this...
LAquis SCADA dll Hijacking Vulnerability
LAquis SCADA is a tool and language for data collection, process supervision, industrial automation, storage and report generation for quality management and application development. LAquis SCADA suffers from a DLL hijacking vulnerability. The vulnerability is caused due to the LAquis SCADA...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
KL-001-2017-008: Solarwinds LEM Management Shell Arbitrary File Read. Title: Solarwinds LEM Management Shell Arbitrary File Read. Advisory ID: KL-001-2017-008. Publication Date: 2017.04.24. Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt. 1. Vulnerability Details...