Latest Security News about directory traversal

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability

Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.   Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability ZDI-20-307 ZDI-CAN-10073 CVE ID CVE-2020-8600 CVSS SCORE 8.6, (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) AFFECTED VENDORS Trend Micro AFFECTED PRODUCTS [...]

Directory Traversal

Directory Traversal is an HTTP attack performed by the hacker to get access to the directory which is not normally have privileges for the normal user. Also this allows the attacker to execute commands outside the web root

Vulnerabilities Discovered in CIPAce Enterprise Platform

  Overview : A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. CVE-2020-11596 Vulnerabilities Discovered in CIPAce Enterprise Platform Versions Tested: CIPAce Version < 6.80 Build 2016031401 CIPAce [...]

FiberHome HG2201T Pre-Auth RCE

Overview : FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Affected Product(s) : FiberHome HG2201T Vulnerability Details : CVE ID : CVE-2019-17187 Incorrect Access Control/Directory Traversal /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Solution : Apply the vendor Security Patch