BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files.
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submittin
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specia
C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method.
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloa
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerab
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary file
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests
A Path traversal vulnerability in the file
download functionality was identified. This vulnerability allows
unauthenticated users to download arbitrary files, in the context of the
application server,
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers c
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability ex
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill'
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in
The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated attackers to download arbitrary files by manipulating the filename par
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl paramete
A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web server by sending cra
Page 1+ Next →