48 matches found
EUVD-2019-15456
Malware in sbrugna...
EUVD-2017-6979
Malware in sbrugna...
EUVD-2024-0273
Malicious code in bioql PyPI...
CVE-2025-34058
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...
CVE-2025-28382
OpenC3 COSMOS has a directory traversal vulnerability in the openc3-api/tables endpoint affecting versions prior to 6.1.0. Impact is high (CVE-2025-28382) with potential unauthorized access; CVSS 3.1 base score 7.5. A fixed release is 6.1.0. Remediation is to upgrade to 6.1.0 or apply vendor-prov...
CVE-2025-27445
The CVE-2025-27445 entry concerns RSFirewall for Joomla (RSJoomla) with versions 2.9.7 through 3.1.5. A path traversal flaw arises from insufficient sanitization of user-supplied file path parameters, allowing authenticated users to read arbitrary files outside the Joomla root. The issue is descr...
CVE-2018-19181
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...
(Pwn2Own) Lexmark CX331adwe basic_auth.cgi PATH_TRANSLATED Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the PATH_TRANSLATED parameter provided to the...
CVE-2022-3184
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...
CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init...
CVE-2023-38012 IBM Cloud Pak System directory traversal
IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
GateOne Arbitrary File Download Vulnerability
GateOne is a terminal emulator and SSH client based on HTML5 implementation. GateOne 1.1 suffers from an arbitrary file download vulnerability. An attacker can download arbitrary files via /downloads/... Directory traversal can be exploited to download arbitrary files...
CVE-2017-15527
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...
Directory traversal
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to pare...
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2011-3487' , 'BID', '49601' , , 'DisclosureDate' =...
CVE-2016-7452
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal...
DevExpress 13.2.8 /FileManagerComponent.aspx Directory Traversal Vulnerability
No description provided by source...
t. hauck jana webserver 1.0/1.45/1.46 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/699/info The Jana webserver is susceptible to directory traversal attacks using multiple dots in the URL. If the request is made in specific formats, the server will send out files outside of the intended webroot. http...
QuickCart 3.x - XSS/CSRF/LFI/Directory Traversal
No description provided by source...