Path Traversal

Path Traversal vulnerabilities allow attackers to access files and directories outside the intended directory structure, potentially exposing sensitive system files.

Total CVEs: 34

Typical Severity: MEDIUM

Category: Data Exposure

Understanding Path Traversal

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Path Traversal CVEs (34)

Description | Vendor / Product | Exploit Status

CVE-2026-2251 (score: 9.8)

This vulnerability allows an attacker to access unauthorized files on the system, potentially leading to remote code execution, which means they could run malicious software on the affected Xerox FreeFlow Core software. It affects versions up to 8.0.7, so upgrading to version 8.1.0 is crucial to protect against this risk.

Vendor / Product: xerox / freeflow core
Exploit Status: Exploit Available
Feb 27, 2026 (about 1 month ago)

CVE-2026-26228 (score: 2.3)

An attacker who is authenticated and has network access to the Remote Access Server can exploit this vulnerability to access files outside the intended download directory on the VLC app for Android. However, their access is limited to the app's internal storage and specific external storage areas due to Android's security restrictions.

Vendor / Product: Unknown
Exploit Status: Theoretical
Feb 26, 2026 (about 1 month ago)

CVE-2026-27699 (score: 9.8)

This vulnerability allows an attacker to trick the FTP client into saving files outside of the intended download folder, potentially overwriting important system files. It occurs when the client connects to a malicious FTP server that sends specially crafted directory listings, and it affects versions prior to 5.2.0 of the basic-ftp library.

Vendor / Product: patrickjuchli / basic-ftp
Exploit Status: Theoretical
Feb 25, 2026 (about 1 month ago)

CVE-2026-2953 (score: 5.3)

An attacker can exploit a vulnerability in Dromara UJCMS to gain unauthorized access to files on the server by manipulating the deleteDirectory function, potentially allowing them to delete or alter important files. This attack can be carried out remotely, and since the vendor has not responded to the issue, it remains a risk for users of this software.

Vendor / Product: ujcms / ujcms
Exploit Status: Exploit Available
Feb 22, 2026 (about 1 month ago)

CVE-2026-2864 (score: 5.3)

An attacker can remotely manipulate the picture deletion function in the affected software to access or delete files outside the intended directory, potentially compromising sensitive data. This vulnerability affects specific versions of the software, but since it doesn't use versioning, it's unclear which releases are safe.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 21, 2026 (about 2 months ago)

CVE-2026-21620 (score: 2.3)

This vulnerability allows an attacker to access files outside of the intended directory by manipulating file paths, potentially exposing sensitive information. It affects specific versions of the Erlang OTP software, so systems running those versions need to be updated to close this security gap.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 20, 2026 (about 2 months ago)

CVE-2026-2426 (score: 6.5)

This vulnerability allows an attacker with Administrator-level access to delete any file on the server, including critical files like the configuration file for WordPress. By exploiting this flaw in the WP-DownloadManager plugin, they could potentially gain control over the website or server.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 18, 2026 (about 2 months ago)

CVE-2026-2419 (score: 2.7)

This vulnerability allows authenticated attackers with Administrator-level access to configure the WP-DownloadManager plugin to access and list any files on the server, potentially exposing sensitive information. It occurs due to a flaw in how the plugin checks file paths, which can be exploited if the attacker has the right permissions.

Vendor / Product: Unknown
Exploit Status: Exploit Available
Feb 18, 2026 (about 2 months ago)

CVE-2025-59793 (score: 0.0)

This vulnerability allows an attacker with valid login credentials to upload files to any location on the server's filesystem, potentially leading to the execution of malicious code. The issue arises because the application fails to properly check the file paths, making it easy for attackers to manipulate where files are saved.

Vendor / Product: Unknown
Exploit Status: Theoretical
Feb 17, 2026 (about 2 months ago)

CVE-2026-2552 (score: 5.1)

This vulnerability allows an attacker to access and potentially delete files on the server by manipulating a specific file path in the ZenTao application. It affects versions up to 21.7.8, so upgrading to version 21.7.9 is necessary to fix the issue.

Vendor / Product: zentao / zentao
Exploit Status: Exploit Available
Feb 16, 2026 (about 2 months ago)

CVE-2026-2551 (score: 5.3)

This vulnerability allows an attacker to remotely delete files on the ZenTao server by manipulating a specific function in the software. It affects versions up to 21.7.8, and the attack can be executed without needing special access or credentials.

Vendor / Product: zentao / zentao
Exploit Status: Exploit Available
Feb 16, 2026 (about 2 months ago)

CVE-2024-34193 (score: 7.5)

This vulnerability allows an attacker to read any file on the server by manipulating the file parameter in a specific PHP interface. It occurs in version 3.2.7 of smanga and does not require any special access, making it a significant risk for exposed systems.

Vendor / Product: lkw199711 / smanga
Exploit Status: Theoretical
May 20, 2024 (almost 2 years ago)

CVE-2015-10105 (score: 9.8)

This vulnerability allows an attacker to remotely access sensitive files on a server by manipulating a specific filename in the IP Blacklist Cloud Plugin for WordPress. To exploit this, the attacker needs to send a specially crafted request to the affected plugin, which could lead to unauthorized access to the server's file system.

Vendor / Product: ad33lx / ip blacklist cloud
Exploit Status: Exploit Available
May 1, 2023 (almost 3 years ago)

CVE-2021-41773 (score: 9.8)

This vulnerability allows an attacker to access files outside of the intended directories on an Apache HTTP Server, potentially leading to remote code execution if certain scripts are enabled. This can happen if the server is misconfigured and does not properly restrict access to these files.

Vendor / Product: apache / http server
Exploit Status: Exploit Available
Oct 5, 2021 (over 4 years ago)
Showing 21 to 34 of 34 results