1368 matches found
CVE-2020-11440
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root...
Code injection
httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root...
CVE-2020-11440
CVE-2020-11440 describes a vulnerability in Wind River VxWorks (WebCLI) where httpRpmFs fails to validate escaping attempts from the web root, potentially exposing sensitive data. The NVD entry notes a network-based attack surface with a CVSS v3.1 base score of 7.5 (High) and a CVSS v2 base score...
Directory Traversal
jooby is vulnerable to directory traversal. Lack of path validation allows an attacker to inject ../ characters and access files outside of the web root directory...
TeamPass Injection Vulnerability
TeamPass is an open source password manager from the developers of NILS LAUMAILLÉ software. A security vulnerability exists in TeamPass version 2.1.27.36. An attacker can exploit this vulnerability to retrieve files including backup files or LDAP debug files in the TeamPass web root directory...
CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files...
Code injection
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files...
CVE-2020-12478
TeamPass 2.1.27.36 is affected by CVE-2020-12478 due to improper authentication. An unauthenticated attacker can retrieve files from the web root, potentially exposing backups and LDAP debug files and enabling data exposure or unauthorized operations. The connected Nuclei template confirms the vu...
CVE-2020-11420
UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may acce...
CVE-2020-10790
openITCOCKPIT before 3.7.3 has unnecessary files such as Lodash files under the web root, which leads to XSS...
CVE-2019-16064
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory...
Directory traversal
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory...
CVE-2014-4019
CVE-2014-4019 affects ZTE ZXV10 W300 routers (firmware W300V1.0.0a_ZRD_LK). The issue is improper access control that allows remote attackers to read the ROM-0 backup file via a direct request, exposing sensitive router configuration/password data. Described in NVD as a network-attackable vulnera...
CVE-2015-5951
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands...
Unrestricted file upload
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands...
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocityminfiles action...
Unspecified vulnerability in upload-image-with-ajax
upload-image-with-ajax is an image file upload tool. A security vulnerability exists in upload-image-with-ajax v1.0, which is caused by a logic error in the code. The vulnerability can be exploited to upload arbitrary files to the web root directory and execute code...