GHSA-4R6G-XHX7-FM36 Contao Core directory traversal vulnerability
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors...
uWSGI Directory Traversal vulnerability
uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...
CVE-2022-26960
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...
CVE-2022-26960
CVE-2022-26960 affects elFinder
UBUNTU-CVE-2021-44960
In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function called from renderDocument handled the XMLDocument object improperly, returning a null pointer early at the second if, which results in a null pointer dereference later in renderDocument...
Apache HTTP Server vulnerable to directory traversal
Overview Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability (CWE-22). Shungo Kumasaka of Internet Initiative Japan Inc. reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/...
Path Traversal
Apache HTTP Server is vulnerable to path traversal attacks. An attacker could use a path traversal attack to map URLs to files outside the document root that are not protected by the "require all denied" directive in the Apache configuration file...
CVE-2021-41773
A path traversal flaw was found in Apache 2.4.49. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally this flaw could leak the source of interpreted files like CGI scripts...
Information disclosure
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated...
Directory Traversal
Overview webrick is a HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server. Affected versions of this package are vulnerable to Directory Traversal. WEBrick, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files...
PT-2021-3425 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier Magento versions 2.4.1-p1 and earlier Magento versions 2.3.6-p1 and earlier Description: The issue is related to insufficient input validation, which could allow a remote attacker to access confidential...
VulnCheck KEV: CVE-2021-27101
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...
CVE-2021-27101
Accellion FTA 912370 and earlier is affected by SQL injection via a crafted Host header in a request to documentroot.html. The fixed version is FTA912380 and later...
PT-2021-2473
Name of the Vulnerable Software and Affected Versions: Accellion FTA versions 9_12_370 and earlier Description: The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...
Bagisto Credential Disclosure
Vendor: Bagisto https://bagisto.com/ Affected version: All Introduction: Bagisto is an open source shop system based on PHP and Laravel framework Vulnerability description: Bagisto can be installed in sub-directories below the document root exposing the Laravel .env file which includes database a...
PT-2022-11605 · Libxml2 +3 · Libxml2 +3
Name of the Vulnerable Software and Affected Versions: VTK versions prior to 9.2.5 Description: The issue is a NULL pointer dereference vulnerability that lies in IO/Infovis/vtkXMLTreeReader.cxx. It occurs because the vendor did not check the return value of the libxml2 API xmlDocGetRootElement a...
thrift: Improper Access Control grants access to files outside the webservers docroot path
A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information...
CVE-2018-19512
In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...
Apache Thrift Node.js static web server access control error vulnerability
Apache Thrift is a cross-platform development framework from the Apache Software Foundation. The Node.js static web server is one of its static web servers. An access control error vulnerability exists in the Apache Thrift Node.js static web server versions 0.9.2 through 0.11....