12 matches found

Github Security Blog
added 2026/04/02 8:32 p.m. | 5 views

Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory

Summary: Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 4 | Affected Software: 1
VulnCheck KEV
added 2023/11/21 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and...

CVSS 7.5 | AI score 7.1 | EPSS 0.1591
Exploits: 0 | References: 1
OSV
added 2022/05/13 1:34 a.m. | 5 views

GHSA-FQW7-C6VR-Q29M openstack-mistral Discloses the presence of arbitrary files within the filesystem

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

CVSS 8.7 | AI score 6.7 | EPSS 0.0152
Exploits: 0 | References: 7
AlpineLinux
added 2020/10/15 2:48 p.m. | 22 views

CVE-2020-6106

An exploitable information disclosure vulnerability exists in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 5.5 | AI score 2.4 | EPSS 0.01496
Exploits: 1
OSV
added 2019/11/26 1:15 a.m. | 5 views

CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

CVSS 7.5 | AI score 7.6 | EPSS 0.1591
Exploits: 0 | References: 5
NVD
added 2019/11/26 1:15 a.m. | 18 views

CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

CVSS 7.5 | AI score 7.6 | EPSS 0.1591
Exploits: 0 | References: 5
Cvelist
added 2017/09/20 2:0 p.m. | 13 views

CVE-2017-8770

There is LFD local file disclosure on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter...

AI score 7.3 | EPSS 0.10292
Exploits: 3 | References: 2
Cvelist
added 2017/04/18 2:0 p.m. | 13 views

CVE-2017-5661

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...

AI score 7.2 | EPSS 0.0296
Exploits: 1 | References: 4
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

anaconda foundation 1.4-1.9 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. Arbitrary files...

AI score 7.1
Exploits: 0
securityvulns
added 2002/07/10 12:0 a.m. | 29 views

VANED LABS: icecast filesystem disclosure

listdirectory makes no effort to constrain the request to the static directory. Icecast allows for remote probing of the underlying filesystem structure. on a side note, this can also be used to list files with a .mp3 extension anywhere on the system. sendfile does do traversal checking. nc...

AI score 2.2
Exploits: 0
Exploit DB
added 2001/04/27 12:0 a.m. | 25 views

PerlCal 2.x - Directory Traversal

source: https://www.securityfocus.com/bid/2663/info PerlCal is a CGI script written by Acme Software that allows web-based calendar sharing and related functions. A vulnerability exists in PerlCal which can allow a remote user to traverse the filesystem of a target host. This may lead to the...

AI score 7.4
Exploits: 0
exploitpack
added 2000/12/07 12:0 a.m. | 11 views

MetaProducts Offline Explorer 1.x - FileSystem Disclosure

MetaProducts Offline Explorer 1.x - FileSystem Disclosure source: https://www.securityfocus.com/bid/2084/info MetaProducts Offline Explorer is an application that allows a user to download the contents of a website or FTP site for offline browsing at a later time. It is possible to view the full...

AI score 7.4
Exploits: 0