33 matches found

ATTACKERKB
added yesterday · 4 views

CVE-2019-25740

Joomla comjsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field2 parameter to delete...

7.1 CVSS · 5.9 AI score
Exploits 0 · References 4 · Affected Software 1
Nuclei
added yesterday · 11 views

Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal

Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...

5.8 CVSS · 6.5 AI score · 0.0009 EPSS
Exploits 1 · References 4
Positive Technologies
added yesterday · 7 views

PT-2026-46210

Joomla com jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field 2 parameter to delete...

7.1 CVSS · 5.9 AI score
Exploits 0 · References 5
EUVD
added 2026/05/07 2:55 a.m. · 5 views

EUVD-2026-28263

Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...

6.5 CVSS · 5.9 AI score · 0.00045 EPSS
Exploits 0 · References 2
OSV
added 2025/06/27 2:15 p.m. · 1 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

6.3 CVSS · 6.9 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-34545 · Vegam 4I · Vegam 4I

Name of the Vulnerable Software and Affected Versions: Vegam 4i versions 6.3.47.0 and earlier Description: A Local File Inclusion issue allows a remote attacker to obtain sensitive information through the print label function. The filePathList parameter is susceptible to this issue, enabling a...

7.5 CVSS · 6.4 AI score · 0.00152 EPSS
Exploits 0 · References 7
OSV
added 2023/10/25 6:17 p.m. · 0 views

CVE-2023-26580

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...

7.5 CVSS · 7.2 AI score · 0.00256 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/25 12:0 a.m. · 2 views

PT-2023-20543 · Tibco Software · Tibco Ebx Add-Ons

Name of the Vulnerable Software and Affected Versions: TIBCO EBX Add-ons versions 4.5.16 and below Description: The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an issue that allows an attacker with low-privileged application access to read system files that are accessible...

7.7 CVSS · 6.6 AI score · 0.00432 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/11/22 12:0 a.m. · 4 views

PT-2022-11303 · Alt Linux · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient escaping of the LaTeX preamble, which allows site administrators to read files available to the HTTP server system...

9.8 CVSS · 5.8 AI score · 0.39399 EPSS
Exploits 18 · References 100
OSV
added 2020/10/07 12:15 p.m. · 0 views

CVE-2020-25985

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted)...

8.1 CVSS · 5.8 AI score
Exploits 0 · References 2
Tenable Nessus
added 2019/05/10 12:0 a.m. · 13 views

PCI DSS Compliance - Information Leakage

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...

0.5 AI score
Exploits 0 · References 1
Prion
added 2018/01/02 3:29 a.m. · 20 views

Directory traversal

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files...

5 CVSS · 6.6 AI score · 0.0009 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2018/01/02 3:29 a.m. · 10 views

CVE-2017-9965

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files...

5.8 CVSS · 6 AI score · 0.0009 EPSS
Exploits 1 · References 3
OSV
added 2018/01/02 3:29 a.m. · 1 views

CVE-2017-9965

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files...

5.8 CVSS · 5.8 AI score
Exploits 0 · References 3
CNVD
added 2017/12/28 12:0 a.m. · 4 views

Schneider Electric Pelco VideoXpert Enterprise Directory Traversal Vulnerability (CNVD-2017-38304)

Pelco VideoXpert Enterprise is an enterprise video management system. A directory traversal vulnerability exists in Schneider Electric Pelco VideoXpert Enterprise, which can be exploited by unauthorized attackers to view web server files...

5.8 CVSS · 6.9 AI score · 0.0009 EPSS
Exploits 1 · References 1
OSV
added 2017/06/21 7:29 p.m. · 0 views

CVE-2017-6045

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
CNVD
added 2017/05/10 12:0 a.m. · 1 views

I, Librarian PDF Manager Directory Enumeration Vulnerability

I, Librarian PDF Manager is an online service that will organize your collection of PDF and office documents. A directory enumeration vulnerability exists in I, Librarian PDF Manager, which can be exploited by an attacker to enumerate files in a web server directory...

6.9 AI score
Exploits 0 · References 1
OSV
added 2017/03/14 10:59 p.m. · 2 views

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

4.1 CVSS · 5.8 AI score
Exploits 0 · References 4
OSV
added 2017/03/09 7:59 p.m. · 0 views

CVE-2017-6527

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 3
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

PBLang Bulletin Board System 4.x SendPM.PHP Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12690/info PBLang is reported prone to a directory traversal vulnerability. It is reported that the issue exists due to a lack of sufficient sanitization performed on user-supplied input. A remote attacker may exploit thi...

7.1 AI score
Exploits 0