827 matches found
Design/Logic Flaw
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...
CVE-2018-14928
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...
CVE-2018-14928
CVE-2018-14928 describes a vulnerability where /contingency/servlet/ServletFileDownload executes with root privileges and exposes unauthenticated access to files via the file parameter. This enables file disclosure without authentication. The NVD entry assigns a CVSSv3 base score of 7.5 (HIGH) wi...
CVE-2018-14927
CVE-2018-14927 affects Matera Banco 1.0.0. The vulnerability is a path traversal flaw that allows access to system files outside the default application folder via the /contingency/servlet/ServletFileDownload parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. Documented impac...
Security Bulletin: Unix File Parameter Alteration vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3064).
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to a Unix file parameter alteration vulnerability. This vulnerability might allow unauthorized access to data; specifically, an authorized person might be able to copy files from the InfoSphere MDM - Collaborati...
DEBIAN-CVE-2018-12040
Reflected cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
UBUNTU-CVE-2018-12040
DISPUTED Reflected cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool th...
CVE-2018-12040
Reflected cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka a profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...
PT-2018-10962 · Sensiolabs · Symfony
Name of the Vulnerable Software and Affected Versions: SensioLabs Symfony version 3.3.6 Description: A reflected cross-site scripting (XSS) issue exists in the web profiler, allowing remote attackers to inject arbitrary web script or HTML via the file parameter in a profiler/open?file= URI. The...
Directory Traversal
studio-42/elfinder is vulnerable to directory traversal. The application does not properly validate the file parameter in the zipdl function of elFinder.class.php, allowing a malicious user to conduct a directory traversal attack, which may result in file deletion. This vulnerability exists due to an...
Directory Traversal
studio-42/elfinder is vulnerable to directory traversal. The application does not validate the file parameter of the zipdl function in elFinder.class.php, allowing a malicious user to carry out a directory traversal attack, which may result in file deletion...
CVE-2018-11344
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter...
CVE-2018-7669
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a...
CVE-2014-2069
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx...
A vulnerability in the update_module.php script of the U.motion Builder system allows an attacker to execute arbitrary code.
The vulnerability in the update_module.php script of the U.motion Builder system exists due to insufficient validation of input data. Exploiting it allows an attacker to execute arbitrary code by sending a specially crafted request to the server using the updatefile parameter...
3CX Device Path Traversal Vulnerability
3CX devices are IP phone devices from 3CX USA. A path traversal vulnerability exists in 3CX devices; it can be exploited to access files on the server by using the 'file' parameter in a /api/RecordingList/download?file= request...
CVE-2018-7654
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal...
CVE-2018-5716
An issue was discovered in Reprise License Manager 11.0. This vulnerability is a Path Traversal where the attacker, by changing a field in the Web Request, can have access to files on the File System of the Server. By specifying a pathname in the POST parameter "lf" to the goform/editlfgetdata UR...
Jtag Members Directory Arbitrary File Download Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. Jtag Members Directory is a member management extension for Joomla!. An arbitrary file download vulnerability exists in...
CVE-2018-6008
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the downloadfile parameter...
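Most of the entries above share one root cause: a download handler takes a "file" (or file1, lf, downloadfile) parameter and joins it onto an export directory without canonicalising the result, so "../" segments walk out of the directory (Matera ServletFileDownload, ASUSTOR download.cgi, 3CX RecordingList/download, Jtag Members Directory) or an absolute pathname replaces the base directory outright (Eshtery CMS FileManager.aspx). The following is an added example written for this page, not code from any of the products listed; the directory names, the request parameters and the demo tree it builds in a temporary directory are all constructed. It shows the vulnerable join, the common half-fix of a string-prefix check that still admits a sibling directory, and a containment check on the canonical path.

```python
"""Added example: a 'file' parameter download handler, vulnerable and hardened.

Constructed for this page; not the code of any product in the listing above.
"""
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def vulnerable_resolve(base_dir: str, file_param: str) -> str:
    # Naive handler: join the user-supplied name onto the export directory.
    # os.path.join discards base_dir entirely when file_param is absolute
    # (the "absolute path traversal" pattern), and "../" segments walk out
    # of base_dir (the classic relative traversal pattern).
    return os.path.join(base_dir, file_param)


def naive_prefix_check(base_dir: str, file_param: str) -> bool:
    # A common half-fix: canonicalise, then string-prefix compare without a
    # trailing separator. "/srv/exports_private/x" starts with "/srv/exports",
    # so a sibling directory is still reachable.
    target = os.path.realpath(os.path.join(base_dir, file_param))
    return target.startswith(os.path.realpath(base_dir))


def safe_resolve(base_dir: str, file_param: str) -> Optional[str]:
    """Return the canonical path if it lies inside base_dir, else None."""
    base = os.path.realpath(base_dir)
    # Decode once so percent-encoded dots and slashes are seen; we then
    # canonicalise rather than pattern-match the raw string, so double
    # encoding or mixed separators cannot slip past a denylist.
    name = unquote(file_param)
    if not name or "\x00" in name:
        return None
    # realpath also follows symlinks, so a link inside base pointing
    # outside it is rejected as well.
    target = os.path.realpath(os.path.join(base, name))
    # commonpath compares whole path components, so "exports_private"
    # does not match a base of "exports".
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def build_demo_tree() -> tuple:
    # Constructed layout: <tmp>/exports (served) and <tmp>/exports_private
    # (must never be served), each holding one file.
    root = tempfile.mkdtemp(prefix="fileparam-demo-")
    base = os.path.join(root, "exports")
    sibling = os.path.join(root, "exports_private")
    os.makedirs(base)
    os.makedirs(sibling)
    open(os.path.join(base, "receipt.pdf"), "w").close()
    open(os.path.join(sibling, "secret.txt"), "w").close()
    return base, sibling


def demo() -> dict:
    """Run constructed requests through all three resolvers."""
    base, _ = build_demo_tree()
    requests = {
        "benign": "receipt.pdf",
        "relative_traversal": "../exports_private/secret.txt",
        "absolute": "/etc/passwd",
        "encoded": "..%2Fexports_private%2Fsecret.txt",
    }
    out = {}
    for label, param in requests.items():
        out[label] = {
            "vulnerable": vulnerable_resolve(base, param),
            "naive_prefix_ok": naive_prefix_check(base, param),
            "safe": safe_resolve(base, param),
        }
    out["benign"]["expected"] = os.path.realpath(os.path.join(base, "receipt.pdf"))
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The benign name resolves to the file under the export directory; the relative, absolute and percent-encoded traversals all return None from safe_resolve, while vulnerable_resolve hands back /etc/passwd verbatim and naive_prefix_check still approves the sibling-directory traversal. The same containment test applies whatever the web framework is; the point is to decide on the canonical path, not on the raw parameter.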