loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquo
Wing FTP Server before 7.4.4 does not properly validate and sanitize the url parameter of the downloadpass.html endpoint, allowing injection of an arbitrary link. If a user clicks a crafted link, this
In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 5466) runs as root or SYSTEM by default. The web application itself offers several legitimate ways to e
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulatio
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers t
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs.
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that acc
Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all version
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 a
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler wp-cookies-enabler allows PHP Local File Inclusion.This issue affects W
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated atta
In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Pro
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory li
Page 1+ Next →