Directory traversal

QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3...

CVE-2020-14946

downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath...

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

Information disclosure

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the filepath parameter...

Synology DiskStation Manager Information Disclosure Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music, and more. An information disclosure vulnerability exists in SYNO.Core.ACL in Synology DSM versions prior to...

CVE-2018-13281

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager DSM before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the filepath parameter...

CVE-2017-11511

The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...

DEBIAN-CVE-2009-1148

Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter $filename variable...

PHPAuctionSystem - Multiple Remote File Inclusions

PHPAuctionSystem - Multiple Remote File Inclusions »=======================================================================================================-X » » » PHPAuctionSystem Multiple Remote File Inclusion Vulnerability » » » » ======= ------d-------m------ ==== ==== » » || = | |o...