path traversal vulnerabilities and exploits

5
CVSSv2
CVE-2018-3732

The resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to a lack of validation of paths with certain special characters, which allows a malicious user to read the content of any file with a known path....

4.3
CVSSv2
CVE-2015-5594

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitization, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string....

Zenphoto
NA
CVE-2015-5595

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

NA
CVE-2015-5591

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

NA
CVE-2015-5593

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

NA
CVE-2015-5592

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

7.6
CVSSv2
CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors....

Piwigo
4
CVSSv2
CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter....

Piwigo
7.8
CVSSv2
CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter....

4.3
CVSSv2
CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'....