Mongoose 2.4 (win) webserver is vulnerable to directory traversal. An attacker can exploit this vulnerability to gain access to sensitive files on the server.
Payara Micro Community 5.2021.6 and below contain a directory traversal vulnerability.
The vulnerability exists due to insufficient validation of user-supplied input in the 'file' parameter of the 'admin-ajax.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in unauthorized access to sensitive information.
Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to multiple local vulnerabilities. The first issue is an insecure default permission vulnerability. Attackers may exploit this vulnerability to write data to arbitrary files with superuser privileges. Other attacks are also possible. The second issue is a directory traversal vulnerability in the command-line interface. Attackers may exploit this vulnerability to gain inappropriate access to the underlying operating system. The third issue is a privilege escalation vulnerability in the command-line interface. Local users with 'sysadmin' access to the device can escape the command-line interface to gain superuser privileges in the underlying operating system. The last issue is a buffer overflow vulnerability in the 'edituser' binary. Attackers may exploit this vulnerability to execute arbitrary machine code with superuser privileges.
SD Server is vulnerable to a directory traversal attack, which allows an attacker to gain access to potentially sensitive system files. This is possible due to the way SD Server handles certain types of requests. An example of such an attack is demonstrated in the URL provided, which attempts to access the SAM file in the Windows repair directory.
TinyServer is prone to multiple vulnerabilities, including a directory traversal issue that could allow a remote user to view or download any file to which the server has access, a denial of service issue due to the failure of the server to check input strings received, and a cross-site scripting issue that could allow for theft of cookie-based authentication credentials or other attacks.
It has been reported that @mail Webmail System may be prone to multiple vulnerabilities that include directory traversal, SQL injection, session hijacking, and cross-site scripting. These issues may allow an attacker to gain access to sensitive information including user email messages and mailboxes.
Shoutbox is vulnerable to directory traversal attacks due to insufficient sanitization of user-supplied values to the expanded.php script. This allows attackers to view potentially sensitive files.
mcNews does not sufficiently filter dot-dot-slash (../) sequences from URL parameters, allowing a remote attacker to disclose the contents of arbitrary web-readable files that exist on a host running the vulnerable software.
Abyss Web Server is a freely available personal web server, maintained by Aprelium Technologies, that runs on Microsoft Windows operating systems as well as Linux. It is possible for a remote attacker to disclose the contents of arbitrary web-readable files by making a specially crafted web request containing encoded dot-dot-slash (../) sequences. This issue may be exploited by a remote attacker to gain access to the administrative configuration file for the web server.