15 matches found
CVE-2026-41370
OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories...
Echo 路径遍历漏洞
Echo is a set of open-source community systems developed by Veal98, where the front-end and back-end are not separated. Versions 5.0.0 to 5.0.2 of Echo have a path traversal vulnerability. This vulnerability arises from improper handling of backslashes by the middleware.Static on Windows systems,...
Croogo CMS has a path traversal vulnerability
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-4464
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors...
The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in the improper restriction on the path name to the restricted directory. This allows attackers to read arbitrary files from the file system.
The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files from the file system...
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...
CVE-2020-7914
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3...
CVE-2017-14384
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of th...
Accellion File Transfer Appliance Path Traversal Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A directory traversal vulnerability exists in the 'template' function of the functions.inc file in versions of...
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in access control and the disclosure of information in error messages, allowing attackers to read arbitrary files.
The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system stems from deficiencies in access control and the disclosure of information in error messages. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
CVE-2016-6139
SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
The vulnerability of the Microsoft .NET Framework software platform, which allows a hacker to read arbitrary files
The vulnerability of the XML DTD parser component in the Microsoft .NET Framework is related to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to remotely read arbitrary files by creating external declarations on XXE objects...
RESTEasy: XXE via parameter entities
It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...
Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...
PT-2011-2318 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.0 before 8.05.23 Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.1 before 8.12.49 Cisco Adaptive Security Appliances ASA 5500 series devices versions...