CVE-2011-10009 S40 CMS 0.4.2 Path Traversal

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

CVE-2015-10142 Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...

PT-2025-31211 · Undefined · Undefined

Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVE-2025-41240

Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path /opt/bitnami//secrets that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could retrieve these secrets ...

CVE-2024-5866

Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch...

CVE-2023-26578

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server...

CVE-2023-2688

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

CVE-2020-5916

In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory...

CVE-2020-11440

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root...

CVE-2010-4145

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb...

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages JSP in the 1 test/jsp, 2 samples/jsp and 3 examples/jsp directories, or the 4...

CVE-2002-2024

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for 1 poppassd.php3, 2 login.php3?reason=chpass2, 3 spelling.php3, and 4 ldap.search.php3?ldapserv=nonsense which leaks the information in error messages...

CVE-2005-3163

Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root...

CVE-2003-0802

Nokia Electronic Documentation NED 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a "retrieve" action with a location parameter of . dot...

CVE-2005-2325

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...

CVE-2002-2158

zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message...

CVE-2002-2094

Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct...