33 matches found
CVE-2017-20248
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...
CVE-2018-25421
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...
PT-2026-44871
Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../ sequences to...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
HPE ArubaOS is a network wireless operating system from Hewlett Packard Enterprise (USA). A security vulnerability exists in HPE ArubaOS that stems from an arbitrary file download vulnerability in the web-based management...
ROS-20251008-02
The Thunderbird email client vulnerability is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to download arbitrary files...
EUVD-2023-52430
Malicious code in bioql PyPI...
EUVD-2022-31757
Malicious code in bioql PyPI...
CVE-2024-55459
CVE-2024-55459 affects keras 3.7.0, allowing an attacker to write arbitrary files to a user’s machine by downloading a crafted tar via the get_file function. The connected IBM advisories corroborate that this vulnerability has been addressed in product-specific updates (e.g., upgrading impacted I...
PT-2024-16114 · Wellchoose · Administrative Management System
Name of the Vulnerable Software and Affected Versions: Administrative Management System from Wellchoose (affected versions not specified). Description: The Administrative Management System from Wellchoose has a Path Traversal issue, allowing unauthenticated remote attackers to exploit this...
PT-2024-30231
Name of the Vulnerable Software and Affected Versions: HGiga iSherlock, including MailSherlock, SpamSherlock, AuditSherlock (affected versions not specified). Description: The system configuration interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing...
PT-2024-15650 · Git +2 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user who is already privileged as manager or admin can exploit this issue by setting their profile picture via the frontend API using a relative...
CVE-2023-48383
NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
Path traversal
NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows an authenticated, remote attacker to download arbitrary files in all system paths via a...
CVE-2023-48378 Softnext Mail SQR Expert - Path Traversal
Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...
CVE-2022-39022
The U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privileges can exploit this vulnerability to download arbitrary system files...
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors...
CVE-2021-43930
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...