YesWiki before 4.5.2 allows unauthenticated path traversal via the 'squelette' parameter. An attacker can exploit this to read arbitrary files on the server, such as /etc/passwd.
OpenPanel File Manager 0.3.4 is vulnerable to directory traversal. By sending a crafted GET request to view_file with the filename parameter set to 'shadow' and path_param set to '/etc', an attacker can read files outside the intended directory (in this case /etc/shadow). This vulnerability has been assigned CVE-2024-53582.
NagVis 1.9.33 is vulnerable to arbitrary file read. An attacker can read arbitrary files on the system by sending a crafted request to the '/nagvis/server/core/ajax_handler.php' endpoint with a file path parameter. This vulnerability has been assigned CVE-2022-46945.
Vite versions <= 6.2.2, <= 6.1.1, <= 6.0.11, <= 5.4.14, and <= 4.5.9 allow reading files outside the Vite serving allow list by appending query strings such as `?raw??` or `?import&raw??` to the URL. The bypass exists because trailing separators such as `?` are stripped in several places but are not accounted for in the query string regexes, so the access check and the file lookup operate on different views of the same path. An attacker can retrieve the content of arbitrary files if they exist; only applications that explicitly expose the Vite dev server to the network (via --host or the server.host option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix this vulnerability.
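The mechanism in the Vite entry above (a separator stripped in one place but not accounted for by the regex that guards access) and the directory-plus-filename join in the OpenPanel File Manager entry are two shapes of the same check-versus-use mismatch. The following Python is an added, hypothetical illustration written for this page; it is not code from Vite, OpenPanel, or any other product listed here, and the file names, the `DENY` regex, and the handler names are assumptions. It shows both vulnerable shapes beside a hardened handler that normalises the request once and confines the resolved path to the served root.

```python
import os
import re
import tempfile


# Constructed fixture: a web root holding one public file, with a "secret"
# file one level above it, i.e. outside the directory meant to be served.
def setup_tree():
    base = tempfile.mkdtemp()
    root = os.path.join(base, "www")
    os.makedirs(root)
    with open(os.path.join(root, "readme.txt"), "w") as f:
        f.write("public\n")
    with open(os.path.join(base, "secret.conf"), "w") as f:
        f.write("db_password=hunter2\n")
    return base, root


# Pattern 1 (hypothetical, modelled on the path_param/filename shape):
# directory and filename come from the request and are joined unchecked,
# so ".." in path_param walks straight out of the root.
def vulnerable_read(root, path_param, filename):
    with open(os.path.join(root, path_param, filename)) as f:
        return f.read()


# Pattern 2 (hypothetical): the deny check and the open() disagree about
# normalisation. The regex runs on the raw URL, where trailing "??" hides
# the ".conf" suffix, but open() uses the URL with its query stripped.
DENY = re.compile(r"\.conf$")


def strip_query(url):
    return url.split("?", 1)[0]


def vulnerable_check_then_open(root, url):
    if DENY.search(url):
        raise PermissionError(url)
    with open(os.path.join(root, strip_query(url))) as f:
        return f.read()


# Hardened: normalise once, run the deny check on the normalised path, then
# confine the resolved real path to the real root. realpath() collapses ".."
# and symlinks, and an absolute request path cannot escape because the
# commonpath() test is made against the root, not the joined string.
def safe_read(root, url):
    rel = strip_query(url)
    if DENY.search(rel):
        raise PermissionError(rel)
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, rel))
    if os.path.commonpath([real_root, target]) != real_root:
        raise PermissionError(rel)
    with open(target) as f:
        return f.read()


def demo():
    """Run all three handlers against the fixture and report what happened."""
    _, root = setup_tree()
    results = {
        "join_escape": vulnerable_read(root, "..", "secret.conf"),
        "regex_bypass": vulnerable_check_then_open(root, "../secret.conf??"),
        "safe_public": safe_read(root, "readme.txt"),
        "blocked": {},
    }
    for url in ("../secret.conf??", "../secret.conf", "/etc/passwd"):
        try:
            safe_read(root, url)
            results["blocked"][url] = False
        except (PermissionError, FileNotFoundError):
            results["blocked"][url] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Running the block directly prints the secret file contents for both vulnerable handlers and `True` for every escape attempt against `safe_read`. The suffix deny list is kept only to show the regex mismatch; the check that actually matters is the `commonpath` confinement of the resolved path, which holds regardless of what query strings or `..` sequences the request carried.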
ABB Cylon Aspect 3.07.02 is prone to an authenticated arbitrary file disclosure vulnerability in the 'downloadDb.php' script, caused by improper validation of the user-supplied 'file' GET parameter. An authenticated attacker can traverse directories through this parameter to read sensitive files.
WordPress Core up to and including 6.2 is vulnerable to directory traversal via the 'wp_lang' parameter, which lets an unauthenticated attacker load arbitrary translation files from outside the intended directory; it does not disclose arbitrary file contents such as /etc/passwd. Where the attacker can also place a crafted translation file on the site, for example through an upload form, this can be escalated to cross-site scripting. This vulnerability is identified as CVE-2023-2745.
ABB Cylon Aspect 3.08.01 and below is vulnerable to remote code execution due to improper handling of user input in the uploadFile() function of bigUpload.php. An authenticated attacker can upload malicious files to arbitrary locations on the server, leading to arbitrary code execution and unauthorized access to the building controller.
The Ethercreative Logs plugin for Craft CMS 3.0.3 allows authenticated users to perform path traversal through the 'Logs' functionality (CVE-2022-23409). By manipulating the requested log file name, an attacker can read arbitrary files on the file system with the permissions of the web service user.
OpenPanel 0.3.4 is vulnerable to directory traversal: an attacker can traverse outside the intended directory and gain unauthorized access to sensitive files. This vulnerability has been assigned CVE-2024-53537.
ABB Cylon controllers running 3.08.02 and below are vulnerable to authenticated path traversal in the ethernetUpdate.php script. By manipulating the 'devName' POST parameter, an attacker can write partially controlled data such as IP addresses to arbitrary file paths. This can lead to unauthorized configuration changes, system compromise, or denial of service by overwriting the ethernet configuration backup files.