Lucene search

768 matches found

Node.js
added 2017/07/17 8:56 p.m., 30 views

Directory Traversal

Overview: Affected versions of yjmyjmyjm resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

6.5 AI score
Exploits: 0, Affected Software: 1
Node.js
added 2017/07/07 10:12 p.m., 56 views

Directory Traversal

Overview: Affected versions of sly07 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.6 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/07/07 8:38 p.m., 42 views

Directory Traversal

Overview: Affected versions of picard resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.3 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/07/07 12:0 a.m., 42 views

Directory Traversal

Overview: Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.6 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/07/05 5:34 p.m., 47 views

Directory Traversal

Overview: Affected versions of looppake resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.1 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/06/28 4:43 p.m., 27 views

Directory Traversal

Overview: Affected versions of node-server-forfront resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...

5 CVSS, 4.6 AI score, 0.00596 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/06/27 9:40 p.m., 20 views

Directory Traversal

Overview: Affected versions of cuciuci resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.2 AI score, 0.00596 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/06/27 5:21 p.m., 32 views

Directory Traversal

Overview: Affected versions of wangguojing123 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

5 CVSS, 4.6 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
Node.js
added 2017/06/23 6:43 p.m., 53 views

Directory Traversal

Overview: Affected versions of citypredict.whauwiller resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...

5 CVSS, 4.6 AI score, 0.00533 EPSS
Exploits: 1, Affected Software: 1
CNVD
added 2017/06/06 12:0 a.m., 1 views

Stack Overflow Vulnerability in File Paths of Antenna SmartArmor

Antenna Intelligent Armor Terminal Defense System (hereinafter referred to as Intelligent Armor, or IEP in English) is a terminal threat security protection product specially developed for business networks of enterprises, governments and organizations. There is a stack overflow vulnerability in t...

7.2 AI score
Exploits: 0
Node.js
added 2017/05/30 10:31 p.m., 150 views

Directory Traversal

Overview: Affected versions of serverlyr resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

5 CVSS, 4.4 AI score, 0.00596 EPSS
Exploits: 1, Affected Software: 1
OpenVAS
added 2017/04/12 12:0 a.m., 53 views

Zimbra < 8.7.6 Multiple Vulnerabilities

Zimbra is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

9.8 CVSS, 9.7 AI score, 0.00754 EPSS
Exploits: 0, References: 2
Cvelist
added 2016/12/15 6:31 a.m., 19 views

CVE-2016-6852

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware...

4.9 AI score, 0.0022 EPSS
Exploits: 0, References: 2
CNVD
added 2016/09/03 12:0 a.m., 1 views

ZKTeco ZKBioSecurity 3.0 Directory Traversal Vulnerability

ZKBioSecurity is a comprehensive management platform for biometric security. A directory traversal vulnerability exists in ZKTeco ZKBioSecurity 3.0, which can be exploited by an attacker to obtain sensitive information by modifying a file path...

6.6 AI score
Exploits: 0, References: 1
BDU FSTEC
added 2016/07/05 12:0 a.m., 4 views

The vulnerability of Google Chrome allows a malicious actor to circumvent domain restriction rules.

The Google Chrome browser contains a vulnerability related to the implementation of drag-and-drop functionality. This vulnerability allows malicious actors to circumvent domain restrictions and replace local file paths by accessing resources through rendering. To exploit this vulnerability, activ...

4.3 CVSS, 7.7 AI score, 0.00539 EPSS
Exploits: 1, References: 3, Affected Software: 1
GoogleProjectZero
added 2016/02/29 12:0 a.m., 41 views

The Definitive Guide on Win32 to NT Path Conversion

Posted by James Forshaw, path’ological reverse engineer. How the Win32 APIs process file paths on Windows NT is a tale filled with backwards compatibility hacks, weird behaviour, and beauty†. Incorrect handling of Win32 paths can lead to security vulnerabilities. This blog post is to try and give...

6.9 AI score
Exploits: 0
ATTACKERKB
added 2015/12/24 1:59 a.m., 2 views

CVE-2015-7934

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors...

8.6 CVSS, 5.6 AI score, 0.00404 EPSS
Exploits: 0, References: 3
CNVD
added 2015/12/20 12:0 a.m., 3 views

Adcon Telemetry A840 Telemetry Gateway Information Disclosure Vulnerability (CNVD-2015-08414)

The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. The Adcon Telemetry A840 Telemetry Gateway displays the full pathname of the log file in the server, allowing remote attackers to exploit this vulnerability to obtain sensitive...

8.6 CVSS, 6.8 AI score, 0.00404 EPSS
Exploits: 0, References: 1
CNVD
added 2015/09/27 12:0 a.m., 2 views

Kaseya Virtual System Administrator Elevation of Privilege Vulnerability

Kaseya Virtual System Administrator is a suite of IT system management platforms for simplifying and automating IT services. Kaseya Virtual System Administrator does not enforce user authentication and does not restrict target file paths, allowing remote attackers to exploit vulnerabilities to...

9.8 CVSS, 7.8 AI score, 0.77795 EPSS
Exploits: 13, References: 1
Zero Day Initiative
added 2015/09/23 12:0 a.m., 25 views

Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uploader.aspx page, which does not properly require that users...

7.5 CVSS, 9.5 AI score, 0.77795 EPSS
Exploits: 13, References: 1