Traversée de Répertoires (Directory Traversal)

OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive. (CVSS:0.0) (Last Update:2018-12-05)

Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. (CVSS:0.0) (Last Update:2018-12-04)

Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. (CVSS:0.0) (Last Update:2018-12-04)

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. (CVSS:0.0) (Last Update:2018-11-30)

Tarantella Enterprise before 3.11 allows Directory Traversal. (CVSS:0.0) (Last Update:2018-12-05)

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. (CVSS:0.0) (Last Update:2018-12-04)

Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. (CVSS:0.0) (Last Update:2018-12-03)

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. (CVSS:0.0) (Last Update:2018-11-30)