2042 matches found
CVE-2013-2978
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988...
CVE-2013-3457
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772...
Path traversal
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to t...
CVE-2013-5021
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remot...
CVE-2013-5022
The CVE-2013-5022 entry concerns an absolute path traversal via the CWGraph3D ActiveX control (cw3dgrph.ocx) in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products. Root cause: the ExportStyle method accepts a full pathname and, when combined...
DEBIAN-CVE-2013-2203
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...
Design/Logic Flaw
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message...
Path traversal
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter...
Design/Logic Flaw
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...
Path traversal
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function...
CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...
UBUNTU-CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...
libarchive -- multiple vulnerabilities
MITRE reports: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper...
Latest FCKeditor absolute path disclosure vulnerability - vulnerability warning - the black bar safety net
Code: FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=File&CurrentFolder=%2F&NewFolderName=aux Version not tested. Principle: create an aux folder; aux is not supported as a name on Windows, so an error is raised that reveals the absolute path; this relatively...
Path traversal
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record...
Latest WordPress absolute path disclosure method - vulnerability warning - the black bar safety net
Vulnerability file: /wp-includes/user.php...
MagicMail Mike g & e-mail system XSS and absolute path vulnerability - vulnerability warning - the black bar safety net
This morning, during black-box testing of the local education network, I found a mail system vulnerability comprising a reflective XSS as well as an absolute path leak. It looks like it is all Linux. Keywords: Mike g & e-mail system by MagicMail! You can see a lot of governme...
ShopEx front-end ordinary user getshell, latest vulnerability - vulnerability warning - the black bar safety net
Use method: First: think of a way to find the target site's absolute path http://www.wooyun.in/install/svinfo.php?phpinfo=true http://www.wooyun.in/core/api/shopapi.php http://www.wooyun.in/core/api/site/2.0/apib2b20cat.php http://www.wooyun.in/core/api/site/2.0/apib2b20goodstype.php...
QNAP Turbo NAS privilege escalation
It's possible to manipulate files by absolute path...
CVE-2012-4878
Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action...