Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host.
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (...
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine th...
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafte...
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified ...