Path traversal vulnerabilities and exploits

7.5
CVSSv3
CVE-2018-3732

The resolve-path Node module before 1.4.0 suffers from a path traversal vulnerability due to a lack of validation of paths containing certain special characters, which allows a malicious user to read the content of any file with a known path....

6.1
CVSSv3
CVE-2015-5594

The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string....

Zenphoto
4
CVE-2015-5595

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

4
CVE-2015-5591

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

4
CVE-2015-5593

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

4
CVE-2015-5592

zenphoto reports: Fixes several SQL Injection, XSS and path traversal security issues...

NA
CVE-2013-1468

Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors....

Piwigo
NA
CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter....

Piwigo
NA
CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter....

5.5
CVSSv3
CVE-2018-1002200

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'....