CVE-2022-44016

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LMAPI/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\"' value...

Advantech iView Path Traversal Vulnerability

Advantech iView is a device management application from Advantech. A path traversal vulnerability exists in the handling of calls to the importZtpConfiguration method in the ZTPConfig class in Advantech iView 5.6 and earlier versions. An attacker can exploit this vulnerability to create or downlo...