CVE-2023-33277
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL...
Jeecg P3 Biz Chat allows remote attackers to read arbitrary files
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters...
CVE-2023-1864
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software...
CVE-2023-1864
FANUC ROBOGUIDE-HandlingPRO, Versions 9 Rev.ZD and prior, is affected by CVE-2023-1864 (path traversal). The root cause is improper limitation of a pathname to a restricted directory, enabling a remote attacker to read files on the system running the software. According to published advisories, t...
CVE-2023-33510
Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters...
CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
SUSE CVE-2006-2758
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747...
CVE-2022-36982
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandle...
Design/Logic Flaw
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandle...
CVE-2022-36982
CVE-2022-36982 affects Ivanti Avalanche 6.3.3.101. The flaw is in the AgentTaskHandler and stems from inadequate validation of a user-supplied path before file operations, enabling a path-traversal-like disclosure of arbitrary files and stored session cookies. Authentication is required to exploi...
PT-2023-2050 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.4-p2 and earlier Adobe Commerce versions 2.4.5-p1 and earlier Description: The issue is related to errors in processing XML requests, which could allow a remote attacker to gain unauthorized access to protected...
SUSE CVE-2004-0759
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...
SUSE CVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc...
SUSE CVE-2004-1148
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter...
SUSE CVE-2005-0202
Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...
SUSE CVE-2006-1260
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check...
SUSE CVE-2006-2082
Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the serve...
SUSE CVE-2006-2658
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request...
SUSE CVE-2006-2782
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...
SUSE CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...