279 matches found
Joomla! Cmimarketplace 0.1 - Local File Inclusion
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because comcmimarketplace allows remote attackers to list arbitrary directories via a .. dot dot in the viewit parameter to index.php. id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainf...
Camtron CMNC-200 IP Camera - Directory Traversal
The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...
WordPress Plugin WP Content Source Control - Directory Traversal
A directory traversal vulnerability in the filegetcontents function in downloadfiles/download.php in the WP Content Source Control wp-source-control plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the path parameter. id: CVE-2014-5368 inf...
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsapdownload action using directory traversal in the link parameter. id: CVE-2021-39316 info: name: WordPress DZS Zoomsounds =6.51 to fix t...
Copyparty <= 1.8.2 - Directory Traversal
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. id: CVE-2021-44138 info: name: Caucho Resin =4.0.52 =4.0.56 - Directory travers...
PT-2026-42856
A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...
ThinVNC 1.0b1 - Authentication Bypass
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a...
Important: plexus-utils
Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: plexus-utils Note: This advisory is...
CVE-2025-55526
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 18.0.3 (python-django) security update
An update for python-django is now available for Red Hat OpenStack Platform 18.0.3 Feature Release 1 Antelope. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 9 : Red Hat OpenStack Platform 18.0.3 (python-django) (RHSA-2024:9481)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:9481 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as muc...
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...
BIT-JASPERREPORTS-2022-22771
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft...
Oracle Linux 7 : perl-Archive-Tar (ELSA-2019-2097)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2097 advisory. 1.92-3 - CVE-2018-12015 - Directory traversal in Archive::Tar bug 1592803 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2023-33277
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL...
PT-2023-24261 · Gira Giersiepen · Gira Knx/Ip-Router
Name of the Vulnerable Software and Affected Versions: Gira Giersiepen Gira KNX/IP-Router versions 3.1.3683.0 through 3.3.8.0 Description: The web interface of the affected device allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. This issue enables...
Home Assistant < 2021.1.3 Path Traversal Vulnerability
Home Assistant instances using custom integrations are prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2023-32767
The web interface of Symcon IP-Symcon before 6.3 i.e., before 2023-05-12 allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL...
CVE-2023-32767
The web interface of Symcon IP-Symcon before 6.3 i.e., before 2023-05-12 allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL...