FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wil
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authentic
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to r
A path traversal vulnerability was identified in SourceCodester Pet Grooming Management System 1.0, affecting the admin/manage_website.php component. An authenticated user with administrative privileg
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipula
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This en
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.
The header injection rule was ineffective at blocking header injections in the re
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts e
A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unau
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authent
A path traversal (directory traversal) vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution (e.g
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'Server
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_
An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.
← Previous Page 5