Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd' or executing commands on the server.
The CrushFTP server version below 10.7.1 and 11.1.0, including legacy 9.x, is vulnerable to directory traversal. An attacker can exploit this vulnerability to access sensitive files on the server by manipulating the file path in the URL.
The Automatic-Systems SOC FL9600 FastLine V06 allows Directory Traversal via a specially crafted HTTP request. An attacker can exploit this vulnerability to read arbitrary files on the server, such as sensitive system files like 'passwd'. This vulnerability has been assigned CVE-2023-37607.
The exploit allows an attacker to access sensitive files like /etc/shadow on TP-Link TL-WR740N routers with firmware version 3.12.11 Build 110915 Rel.40896n. This can lead to unauthorized access and potential compromise of the device. This vulnerability has not been assigned a CVE yet.
The Automatic-Systems SOC FL9600 FastLine V06 allows an attacker to traverse directories by manipulating the 'dir' parameter in the 'csvServer.php' script, leading to unauthorized access to sensitive files such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.
The exploit allows an unauthenticated user to traverse directories and access sensitive system files like /etc/shadow on TP-Link TL-WR740N version 3.12.11 Build 110915 Rel.40896n. This vulnerability could lead to unauthorized access to critical system information.
Cherokee Web Server <= 0.5.4 is vulnerable to remote directory traversal attack by accessing files outside of the webroot directory.
There is directory traversal vulnerability in the checkview(??). Exploit Testing involves sending a crafted HTTP request to the vulnerable application, which can be used to access files outside the web root directory.
This module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing ".." sequences to the MakeHttpRequest method
This module exploits a directory traversal vulnerability in Motorola's Timbuktu Pro for Windows 8.6.5.