CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

PT-2026-35994

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download xml.pl,...

CVE-2025-34181

NetSupport Manager prior to version 14.12.0001 contains an authenticated path traversal and arbitrary file-write vulnerability in the Connectivity Server/Gateway PUTFILE handler. An attacker with a valid Gateway Key can craft a filename with directory traversal sequences to write files to arbitra...

ABB Cylon FLXeon 9.3.5 (siteGuide.js) Authenticated Directory Traversal

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

CVE-2021-44519

In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution...

CVE-2021-34638

Authenticated Directory Traversal in WordPress Download Manager = 3.1.24 allows authenticated Contributor+ users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration informatio...

Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Summary An authenticated command path traversal vulnerability in the management interface allows an authenticated administrator to read-protected system files. Impact Authenticated web GUI administrator can force the system to copy system files to the wrong location allowing him to read the...