basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...

CXF: directory listing / code exfiltration

A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to ...

SUSE CVE-2016-7031

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL...

PT-2022-27839 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.4.10 Apache CXF versions prior to 3.5.5 Description: A vulnerability in Apache CXF allows an attacker to perform a remote directory listing or code exfiltration. This issue arises when the CXFServlet is configur...

CVE-2018-19226

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI...

Advantech WebAccess Directory Traversal Vulnerability

WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation devices in facility management systems, power stations and building automation systems. A directory traversal vulnerability exists in Advantech WebAccess versions prior to...

CVE-2016-0855

Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors...

DEBIAN-CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...

UBUNTU-CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...

CVE-2007-1143

Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. dot dot in the dir parameter...