890 matches found
Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation: Upgrade to version 1.0.7...
CVE-2018-16493
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL...
CVE-2019-6799
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP...
Path Traversal
Overview: Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation: Upgrade to...
Arbitrary File Download Vulnerability in LaySNS v2.40
LaySNS is a lightweight, ThinkPHP+Layui-based integrated website management system that integrates content management and community interaction. LaySNS v2.40 has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive file information on the server...
Directory Traversal Vulnerability in 56iq Digital Signage Software Frontend
56iq digital signage software is digital signage content creation software, used to create programs for playback on plasma and LCD flat-panel TVs, LED screens, projection equipment and other multimedia terminals, and for touch-interactive applications. A directory traversal...
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...
Cybozu Mailwise Directory Traversal Vulnerability
Cybozu Mailwise is a web-based e-mail system. A directory traversal vulnerability exists in Cybozu Mailwise, which can be exploited by a remote attacker to delete arbitrary files on the server...
WordPress WooCommerce Plugin RCE Vulnerability - Windows
The WooCommerce Plugin for WordPress is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated and merged into the VT...
GHSA-3HVM-HGPW-RX4J Path Traversal in knightjs
All versions of knightjs are vulnerable to Path Traversal. This vulnerability allows an attacker to read the content of arbitrary files on the server due to lack of input validation. Recommendation: As there is currently no fix for this module, we recommend not using this module in production...
Directory traversal
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...
Path Traversal in buttle
All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
GHSA-M8CR-Q935-8J67 Path Traversal in buttle
All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Cybozu Garoon vulnerable to directory traversal
Overview: Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing of the session information. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated und...
Responsive FileManager Information Disclosure Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. An information disclosure vulnerability exists in the /filemanager/upload.php file in versions of Responsive FileManager prior to 9.13.3, which stems from the...
CVE-2017-16790
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to...
Path Traversal in crud-file-server
Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: Upgrade to version 0.9.0 or later...