Directory traversal backward root folder


Description   After normalization, the requested URL starts with a combination of dots (".") and slashes ("/"), which is an attempt to reference a file or a directory above the root folder of the URL.
     
Details   Normalizing a URL consists of replacing certain sets of characters with a generic form in order to standardize the URL. For example, possible normalizations include the following substitutions: '\' is replaced by '/', multiple '/' are replaced by a single '/', and '/./' is replaced by '/'. Backward traversal of folders can also be normalized: a URL containing '/folder/../folder2/' will be normalized as '/folder2/'.


Once all normalizations are done, the requested URL can start with a combination of dots (".") and slashes ("/"), which is an attempt to reference a file or a directory above the root folder of the URL.


This alarm was introduced in STORMSHIELD firmware 6.3.5.
     
Triggering conditions   After normalization, a URL starting with a combination of dots (".") and slashes ("/").
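
The normalization steps and the triggering condition described above, sketched in Python as an added example; this is not Stormshield's ASQ implementation. The function names, the single round of percent-decoding and the sample request paths are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# After normalization, a path that still begins with ".." (optionally after
# the leading "/") points above the root folder of the URL.
_ABOVE_ROOT = re.compile(r"^/?\.\.(/|$)")


def normalize_path(raw: str) -> str:
    """Normalize the path part of a request URL.

    Substitutions taken from the Details field: '\\' -> '/', repeated '/'
    collapsed, '/./' removed, '/folder/../' resolved. A '..' that has no
    folder left to remove is kept at the front of the result, so the caller
    can see that the path climbs above the root.
    """
    # Only the path is normalized here; drop query string and fragment first.
    path = re.split(r"[?#]", raw, maxsplit=1)[0]
    # Assumption: one round of percent-decoding (not described on the page).
    path = unquote(path)
    path = path.replace("\\", "/")
    path = re.sub(r"/{2,}", "/", path)

    absolute = path.startswith("/")
    resolved = []   # folders kept so far
    escaped = 0     # '..' segments that had nothing left to remove

    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if resolved:
                resolved.pop()
            else:
                escaped += 1
        else:
            resolved.append(segment)

    parts = [".."] * escaped + resolved
    out = ("/" if absolute else "") + "/".join(parts)
    if path.endswith("/") and parts:
        out += "/"
    return out


def escapes_root(raw: str) -> bool:
    """Return True when the normalized path references a location above the root."""
    return bool(_ABOVE_ROOT.match(normalize_path(raw)))


if __name__ == "__main__":
    # Constructed sample request paths, not taken from real traffic.
    samples = [
        "/folder/../folder2/",
        "/img//./logo.png",
        "/img/../../conf/app.ini",
        "/static\\..\\..\\conf",
        "/static/%2e%2e/%2e%2e/conf?x=1",
        "/.../notes.txt",
    ]
    for s in samples:
        verdict = "ALARM" if escapes_root(s) else "ok"
        print(f"{verdict:5}  {s!r:40} -> {normalize_path(s)!r}")
```

A segment such as `...` is an ordinary file name, not a traversal, so it does not raise the alarm.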
     
Complements  
     
References  
     
Available since   ASQ v3.2.0
     
Protects   JBoss Undertow "ServletResourceManager" Path Traversal Vulnerability
AWStats "awstats.pl" Two Path Traversal Vulnerabilities
Wildfly Log File Viewer Directory Traversal Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Wordpress Themes Multiple Vulnerabilities
ZoneMinder Local File Inclusion Vulnerability
WordPress Third-Party Plugins Multiple Vulnerabilities
Micro Focus Open Enterprise Server Directory Traversal Vulnerability
Spring Framework ResourceServlet Directory Transversal Vulnerability
Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability
WordPress Third-Party Modules Multiple Vulnerabilities
Red Hat JBoss Drools Workbench Directory Traversal Vulnerability
IBM Tivoli Lightweight Infrastructure Eclipse Help Directory Traversal Vulnerability
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
Liferay "barebone.jsp" Directory Traversal Vulnerability
WordPress Multiple Themes Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
IBM Security/Tivoli Directory Server Directory Traversal Vulnerability
Tiki Arbitrary File Download Vulnerability Fixed by 15.1, 12.8 and 14.3
Jenkins Multiple Plugins Vulnerabilities
TYPO3 Third-Party Components Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Trend Micro Security Multiple Vulnerabilities Fixed by 10.0.1265 and 8.0.2063
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Themes Multiple Vulnerabilities
Apache Tomcat "RequestUtil.java" Directory Traversal Vulnerability Fixed by 8.0.27, 7.0.65 and 6.0.4
Didiwiki Local File Disclosure Vulnerability
Paessler PRTG Path Traversal Vulnerability Fixed by 16.1.21.1421/1422
Prosody Multiple Vulnerabilities Fixed by 0.9.9 and 0.10 build 196
Joomla Core Multiple Vulnerabilities Fixed by 3.4.6
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
RoundCube Multiple Vulnerabilities Fixed by 1.1.3
Piwik Multiple Vulnerabilities Fixed by 2.15.0
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
H2O Directory Traversal Vulnerability
F5 Multiple BIG-IP Products Configuration Utility Path Traversal Vulnerability
Ganglia Web Arbitrary PHP Code Execution Vulnerability
McAfee Agent Remote Log Viewing Directory Traversal Vulnerability Fixed by 5.0.2
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Apache ActiveMQ Directory Traversal Vulnerability Fixed by 5.12.0 and 5.11.2
Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability
EMC Avamar Directory Traversal Vulnerability Fixed by 7.1.2
Joomla Third-Party Modules Multiple Vulnerabilities
Elasticsearch Directory Traversal Vulnerability Fixed by 1.6.1 and 1.7.0
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Elasticsearch Site Plugin Directory Traversal Vulnerability
HP Network Virtualization for HP LoadRunner and Performance Center Arbitrary File Disclosure Vulnerability
IBM Power Systems lighttpd Directory Traversal Vulnerability
Elasticsearch Arbitrary File Disclosure Vulnerability
BlueDragon Multiple Products cfchart.cfchart Directory Traversal Vulnerability
WordPress Crayon Syntax Highlighter Plugin Arbitrary File Disclosure Vulnerability
Novell ZENworks Configuration Management Arbitrary File Upload Vulnerability
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Embedthis GoAhead "websNormalizeUriPath()" Directory Traversal Sequences Handling Vulnerability
Moodle "min_get_slash_argument()" Directory Traversal Vulnerability
WordPress mb.miniAudioPlayer Plugin Information Disclosure and Cross-Site Scripting Two Vulnerabilities
Sonatype Nexus Unspecified Directory Traversal Vulnerability
Cisco Enterprise Content Delivery System (ECDS) Directory Traversal Vulnerability
IBM Business Process Manager Two Vulnerabilities
WordPress DukaPress Plugin Directory Traversal Vulnerability
Schneider Electric Ethernet Modules Authentication Bypass Vulnerability
Drupal Avatar Uploader Module Arbitrary File Disclosure Vulnerability
WordPress WP Content Source Control Plugin "path" Arbitrary File Disclosure Vulnerability
Reportico "xmlin" Directory Traversal Vulnerability
Plex Media Server Multiple Vulnerabilities
Kloxo "Root Directory" Directory Traversal Vulnerability
VideoWhisper Video Conference Cross-Site Scripting and File Disclosure Vulnerabilities
Web Video Streamer Command Injection and Cross-Site Scripting Vulnerabilities
A10 Networks AX Series Application Delivery Controllers "filename" Directory Traversal Vulnerability
Horizon QCMS File Disclosure and SQL Injection Vulnerabilities
Hotel Booking System Cross-Site Scripting and Request Forgery Vulnerabilities
Vacation Packages Listing Cross-Site Scripting and Request Forgery Vulnerabilities
StivaSoft Vacation Rental Script Cross-Site Scripting and Request Forgery Vulnerabilities
QNAP QTS "f" Directory Traversal Vulnerability
CUBIC CMS Multiple Vulnerabilities
WordPress Advanced Dewplayer Plugin download-file.php Access Bypass Vulnerability
Synology DiskStation Manager Multiple Security Bypass Vulnerabilities
Kaseya UploadImage Arbitrary File Upload Vulnerability
Pydio Zoho Editor Directory Traversal and File Upload Vulnerabilities
ZENworks Configuration Management Two Vulnerabilities
OSSIM "timestamp" Arbitrary File Disclosure Vulnerability
Twilight CMS Cross-Site Scripting and Arbitrary File Disclosure Vulnerabilities
mooSocial Cross-Site Scripting and SQL Injection Vulnerabilities
astTECS Voice Logger for Call Center / Contact Center Two Vulnerabilities
OpenNetAdmin Adding Module Security Bypass Vulnerability
OpenX Two Cross-Site Scripting Vulnerabilities
AirLive WL-2600CAM IP Camera Security Bypass Security Issue
cgit "url" File Disclosure Vulnerability
WordPress wp-FileManager File Download Vulnerability
Crafty Syntax Live Help "page" Remote File Inclusion Vulnerability
AContent "url" Arbitrary File Disclosure Vulnerability
Novell ZENworks Mobile Management "language" File Inclusion Vulnerabilities
TP-LINK TL-WA701ND Directory Traversal and Cross-Site Request Forgery Vulnerabilities
ezStats Multiple Products Information Disclosure Weakness
ezStats2 for Battlefield 3 Information Disclosure and Cross-Site Scripting Vulnerabilities
SiteGo Multiple Vulnerabilities
WordPress Zingiri Forum Plugin "url" Arbitrary File Disclosure Vulnerability
JSUpload "writeItemContent()" Arbitrary File Disclosure Vulnerability
ATutor "tool_file" Local File Inclusion Vulnerability
openSIS "modname" Local File Inclusion Vulnerability
Baby Gekko Multiple Cross-Site Scripting Vulnerabilities
TP-LINK TL-WR841N Router Directory Traversal and Cross-Site Request Forgery Vulnerabilities
ManageEngine Security Manager Plus File Disclosure and SQL Injection Vulnerabilities
Cartweaver Local File Inclusion and SQL Injection Vulnerabilities
Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability
airVision NVR "path" Arbitrary File Disclosure and "id" SQL Injection Vulnerabilities
gitolite Directory Traversal Security Issue
Manhali "f" Arbitrary File Disclosure Vulnerability
webERP Multiple Vulnerabilities
LuxCal Web Calendar Multiple Vulnerabilities
Turbo NAS Firmware utilRequest.cgi Directory Traversal Vulnerabilities
AB Banner Exchange "page" Local File Inclusion Vulnerability
IOServer Web Interface Directory Traversal Vulnerability
WebPagetest Multiple Vulnerabilities
EmbryoCore Directory Traversal Vulnerability
Rama Zeiten CMS Arbitrary File Disclosure Vulnerability
IBM WebSphere Portal Dojo Module Directory Traversal and Cross-Site Scripting Vulnerabilities
WordPress Contus Vblog Plugin Arbitrary File Upload Vulnerability
SpecView Web Server Request Processing Directory Traversal Vulnerability
e107 Image Gallery Plugin "name" File Download Vulnerability
WordPress Wp-ImageZoom Plugin Arbitrary File Disclosure Vulnerability
WordPress kk Star Ratings Plugin "root" File Inclusion Vulnerability
WordPress Thinkun Remind Plugin "dirPath" Remote File Inclusion Vulnerability
WordPress PICA Photo Gallery Plugin Arbitrary File Disclosure and File Upload Vulnerabilities
WordPress Simple Download Button Shortcode Plugin Arbitrary File Disclosure Vulnerability
WordPress Tinymce Thumbnail Gallery Plugin Arbitrary File Disclosure Vulnerability
WordPress Easy Contact Forms Export Plugin File Disclosure Vulnerability
WordPress Plugin Newsletter Plugin Arbitrary File Disclosure Vulnerability
RuubikCMS Multiple Vulnerabilities
GetSimple CMS "set" Local File Inclusion Vulnerability
Piwigo Multiple Cross-Site Scripting Vulnerabilities
WebCalendar "pref_THEME" File Inclusion Vulnerability
Mega File Manager File Disclosure and Local File Inclusion Vulnerabilities
atvise webMI2ADS Multiple Vulnerabilities
CitrusDB "load" File Inclusion Vulnerabilities
OpenCart Two Vulnerabilities
Sysax Multi Server "file" File Disclosure Vulnerability
FlatnuX NEXT CMS Cross-Site Request Forgery and Script Insertion Vulnerabilities
eGroupware Products Multiple Vulnerabilities
ocPortal Multiple Vulnerabilities
bitweaver Cross-Site Scripting and File Inclusion Vulnerabilities
Public Knowledge Project Open Journal Systems Multiple Vulnerabilities
ManageEngine DeviceExpert ScheduleResultViewer Servlet Two Vulnerabilities
OneFileCMS "i" and "f" Information Disclosure Vulnerabilities
phpMoneyBooks Local File Inclusion and Script Insertion Vulnerabilities
Joomla! PicSell Component "dflink" File Disclosure Vulnerability
WordPress SEO Tools Plugin "file" File Disclosure Vulnerability
Polycom HDX 8000 "name" Arbitrary File Download Weakness
OSClass combine.php File Manipulation Vulnerability
HomeSeer HS2 File Disclosure Vulnerability
NetDecision Two Directory Traversal Vulnerabilities
SAP NetWeaver Multiple Vulnerabilities
IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability
WordPress Relocate Upload Plugin "abspath" File Inclusion Vulnerability
RabidHamster R4 File Disclosure and Buffer Overflow Vulnerabilities
Apache MyFaces "javax.faces.resource" File Disclosure Vulnerability
WordPress myEASYbackup Plugin "dwn_file" File Disclosure Vulnerability
HP StorageWorks Modular Smart Array P2000 G3 Web Interface Directory Traversal Vulnerability
ImpressCMS Multiple Vulnerabilities
Open Business Management Multiple Vulnerabilities
mPDF "filename" Local File Inclusion Vulnerability
Novell Sentinel Log Manager Multiple Vulnerabilities
SourceBans "xajaxargs[]" Two Local File Inclusion Vulnerabilities
ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability
WordPress GRAND Flash Album Gallery Plugin Multiple Vulnerabilities
Siemens SIMATIC WinCC Flexible Multiple Vulnerabilities
OrangeHRM "path" File Inclusion Vulnerability
Yaws Directory Traversal Vulnerability
Koha "KohaOpacLanguage" Local File Inclusion Vulnerability
Zen Cart Multiple Vulnerabilities
Joomla Canteen Component Multiple Vulnerabilities
Joomla JE Job Component Multiple Vulnerabilities
Joomla JE Story Submit Component "view" File Inclusion Vulnerability
Joomla! obSuggest Component "controller" Local File Inclusion Vulnerability
CMS Made Simple Multiple Vulnerabilities
vtiger CRM Multiple Local File Inclusion Vulnerabilities
Dolibarr ERP/CRM Multiple Vulnerabilities
osCSS2 "_ID" Local File Inclusion Vulnerability
Joomla! Simple Page Options Module "spo_site_lang" Local File Inclusion Vulnerability
Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability
Alsbtain Bulletin "act" Local File Inclusion Vulnerability
MODx Cross-Site Scripting and Local File Inclusion Vulnerabilities
WHMCompleteSolution "templatefile" Local File Inclusion Vulnerability
PunBB Reputation Plugin SQL Injection and Local File Inclusion
WordPress BackWPup Plugin "BackWPupJobTemp" File Inclusion Vulnerability
POSH Cross-Site Scripting and File Inclusion Vulnerabilities
OfficeWatch Call Accounting Directory Traversal Vulnerability
gitolite Admin-Defined Commands Directory Traversal Security Issue
WordPress Eventify Plugin "npath" File Inclusion Vulnerability
vtiger CRM Multiple Vulnerabilities
Magtrb MyNews "basepath" File Inclusion Vulnerabilities
Magtrb MyNews Multiple Vulnerabilities
TimeLive "FileName" File Disclosure Vulnerability
Advanced Electron Forum Security Issue and Two Vulnerabilities
WordPress XCloner Plugin Multiple Vulnerabilities
ea-gBook "inc_ordner" File Inclusion Vulnerability
GeoVision Digital Video Surveillance System Directory Traversal Vulnerability
IdeaCart "page" Local File Inclusion Vulnerability
WordPress Annonces Plugin "abspath" and "mainPluginFile" File Inclusion Vulnerabilities
Joomla! JE Quote Form Component "view" File Inclusion Vulnerability
WordPress Mailing List Plugin "wpabspath" File Inclusion Vulnerability
WordPress WP Easy Stats Plugin "homep" File Inclusion Vulnerability
WordPress TheCartPress Plugin "tcp_class_path" File Inclusion Vulnerability
WordPress Zingiri Web Shop Plugin "wpabspath" File Inclusion Vulnerabilities
WordPress AllWebMenus Plugin "abspath" File Inclusion Vulnerability
WordPress Filedownload Plugin "path" File Disclosure Vulnerability
iManager Multiple Vulnerabilities
WordPress s2Member Plugin "s2member_file_download" File Disclosure Vulnerability
WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion Vulnerability
PlantVisor Enhanced Directory Traversal Vulnerability
Trend Micro Data Loss Prevention Management Server Directory Traversal Vulnerability
Joomla! Simple File Lister Module "sflDir" Directory Traversal Vulnerability
OpenCart Cache Arbitrary File Overwrite Vulnerability
Blue Coat Reporter Directory Traversal Vulnerability
Blue Coat Reporter Directory Traversal Vulnerability
Joomla! JCE Component Directory Traversal Vulnerability
MantisBT Multiple Vulnerabilities
Axway SecureTransport "/icons/" Directory Traversal Vulnerability
Joomla! JCE Component Plugins Directory Traversal Vulnerability
Microsoft Chart Control Directory Traversal Information Disclosure (MS11-066)
Trend Micro Control Manager "module" File Disclosure Vulnerability
Blue Coat ProxySG Core Files Local Information Disclosure Vulnerability
Debian Security Update Fixes Request Tracker Multiple Vulnerabilities
Debian Security Update Fixes Mojolicious Directory Traversal Vulnerability
ICONICS GENESIS SafeNet Sentinel Protection Server Directory Traversal
KDE KGet Metalink Files Processing Directory Traversal Vulnerability
jHTTPd Web Server HTTP Request Remote Directory Traversal Vulnerability
nostromo nhttpd Web Server Remote Directory Traversal Vulnerability
Fedora Security Update Fixes Patch Directory Traversal File Creation
Alcatel OmniVista 4760 NMS Server Directory Traversal Vulnerability
Fedora Security Update Fixes Gitolite Directory Traversal Vulnerability
Django Cross Site Scripting and Request Forgery Vulnerabilities
Majordomo2 "_list_file_get()" Remote Directory Traversal Vulnerability
MediaWiki CSS Injection and Local Script Inclusion Vulnerabilities
SAP Crystal Reports Code Execution and Data Manipulation Vulnerabilities
IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability
SPIP Security Update Fixes Multiple Security Bypass Vulnerabilities
Sybase EAServer Remote Code Execution and Directory Traversal
Debian Security Update Fixes MyDMS Directory Traversal Vulnerability
LotusCMS "system" Parameter Local File Inclusion Vulnerability
Zwii "set[template][value]" Parameter Local File Inclusion Vulnerability
AxDCMS "aXconf[default_language]" Local File Inclusion Vulnerability
PhpGedView "pgvaction" Parameter Local File Inclusion Vulnerability
Fedora Security Update Fixes MantisBT Information Disclosure Issues
httpdASM Request Handling Remote Directory Traversal Vulnerability
QuickPHP Web Server Remote Directory Traversal Vulnerability
IBM Tivoli Access Manager for e-Business Directory Traversal Vulnerability
Ecava IntegraXor "file_name" Parameter Directory Traversal Vulnerability
Pulse CMS "p" Parameter Handling Local File Inclusion Vulnerability
AWStats Remote Code Execution and Directory Traversal Vulnerabilities
HP LaserJet Printers Printer Job Language Directory Traversal Vulnerability
Mongoose HTTP Requests Processing Directory Traversal Vulnerability
Yaws HTTP Requests Processing Directory Traversal Vulnerability
HP LoadRunner Web Tours "login.pl" Directory Traversal Vulnerability
Barracuda Products Remote Directory Traversal Vulnerability
Weborf HTTP Requests Processing Directory Traversal Vulnerability
Piwik Unspecified Parameter Data Renderer Local File Inclusion
Cisco Content Delivery System Directory Traversal Vulnerability
PHP Chat Module for 123 Flash Chat Local File Inclusion Vulnerability
Debian Security Update Fixes mlmmj Directory Traversal Vulnerability
foobla Suggestions "controller" Local File Inclusion Vulnerability
IBM BladeCenter Advanced Management Module Vulnerabilities
Sandbox SQL Injection and Arbitrary File Upload Vulnerabilities
nuBuilder Local File Inclusion and Cross Site Scripting Vulnerabilities
Samin CMS "pg" Parameter Remote Directory Traversal Vulnerability
SEF404x (com_sef) for Joomla "controller" Local File Inclusion Vulnerability
Sandbox "a" Parameter Handling Local File Inclusion Vulnerability
WorksForWeb iLister listing script "action" Local File Inclusion Vulnerability
Seyret for Joomla "view" Parameter Local File Inclusion Vulnerability
SoftComplex PHP Event Calendar Multiple Input Validation Vulnerabilities
Trend Micro InterScan Web Security Virtual Appliance Vulnerabilities
Ultimate PHP Board "admin_restore.php" File Download Vulnerability
Linker IMG "cook_lan" Parameter Local File Inclusion Vulnerability
KubeSupport "lang" Parameter Local File Inclusion Vulnerability
Nakid CMS "core[system_path]" Parameter File Inclusion Vulnerability
EZPX photoblog "tpl_base_dir" Parameter File Inclusion Vulnerability
HigherSites "type" Parameter Local File Inclusion Vulnerability
MyOWNspace File Download and Local File Inclusion Vulnerabilities
Parallels System Automation "locale" Directory Traversal Vulnerability
AWCM CMS "awcm_lang" Parameter Local File Inclusion Vulnerability
Yamamah "download" Parameter Remote File Download Vulnerability
Phreebooks Local File Inclusion and Cross Site Scripting Vulnerabilities
Motorola SURFboard SBV6120E Directory Traversal Vulnerability
WebBiblio "page" Parameter Local File Inclusion Vulnerability
SIMM Management System "page" Local File Inclusion Vulnerability
Visitor Logger "VL_include_path" Local File Inclusion Vulnerability
Groone Contact Form "abspath" Parameter File inclusion Vulnerability
Symphony CMS "mode" Parameter Local File Inclusion Vulnerability
Nucleus Plugin NP_Gallery File inclusion and SQL Injection Vulnerabilities
Nucleus Plugin NP_Twitter "DIR_PLUGINS" File inclusion Vulnerability
TELE DATA Contact Management Server Directory Traversal Issue
Fedora Security Update Fixes html2ps Arbitrary File Disclosure Issue
Debian Security Update Fixes Aria2 Directory Traversal Vulnerability
Cybertek CMS "page" Parameter Local File Inclusion Vulnerability
MS Comment for Joomla "controller" Local File Inclusion Vulnerability
phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities
KDE KGet Directory Traversal and File Download Vulnerabilities
thEngine "strLanguage" Parameter Local File Inclusion Vulnerability
OpenMairie openAnnuaire Multiple File Inclusion Vulnerabilities
OpenMairie openCatalogue "dsn[phptype]" File Inclusion Vulnerability
Docmint Local File Inclusion and Cross Site Scripting Vulnerabilities
Help Center Live "file" Parameter Local File Inclusion Vulnerability
Ultimate Portfolio for Joomla "controller" Local File Inclusion Vulnerability
Noticeboard for Joomla "controller" Local File Inclusion Vulnerability
SmartSite for Joomla "controller" Local File Inclusion Vulnerability
Graphics Component for Joomla "controller" File Inclusion Vulnerability
OpenMairie Opencourrier Multiple File Inclusion Vulnerabilities
OpenMairie openReglement Multiple File Inclusion Vulnerabilities
OpenMairie openScrutin Remote and Local File Inclusion Vulnerabilities
Archery Scores for Joomla "controller" Local File Inclusion Vulnerability
ZiMB Comment for Joomla "controller" Local File Inclusion Vulnerability
ZiMB Manager for Joomla "controller" Local File Inclusion Vulnerability
Gadget Factory for Joomla "controller" Local File Inclusion Vulnerability
Matamko for Joomla "controller" Local File Inclusion Vulnerability
iNetLanka Multiple Root for Joomla "controller" File Inclusion Vulnerability
iNetLanka Multiple Map for Joomla "controller" File Inclusion Vulnerability
iNetLanka Drawroot for Joomla "controller" File Inclusion Vulnerability
iNetLanka Google for Joomla "controller" Local File Inclusion Vulnerability
iF surfALERT for Joomla "controller" Local File Inclusion Vulnerability
AddressBook for Joomla "controller" Local File Inclusion Vulnerability
FlashGames for Joomla "controller" Local File Inclusion Vulnerability
Arcade Games for Joomla "controller" Local File Inclusion Vulnerability
Horoscope Component for Joomla "controller" File Inclusion Vulnerability
Web TV Component for Joomla "controller" File Inclusion Vulnerability
JInventory for Joomla "controller" Parameter File Inclusion Vulnerability
SVMap for Joomla "controller" Parameter File Inclusion Vulnerability
LoginBox Pro for Joomla "view" Local File Inclusion Vulnerability
BCA RSS Syndicator for Joomla "controller" File Inclusion Vulnerability
Magic Updater for Joomla "controller" Local File Inclusion Vulnerability
eFront "langname" Parameter Processing Local File Inclusion Vulnerability
Fw-BofF "configRootDir" and "configDBchoice" File Inclusion Issues
WebMaid CMS Multiple Parameter File Inclusion Vulnerabilities
Trouble Ticket Express "fid" Parameter File Download Vulnerability
deV!Lz Clanportal "basePath" Parameter File Inclusion Vulnerability
Geekhelps ADMP SQL Injection and Local File Inclusion Vulnerabilities
AdFreely Ad Board Script "LANG_CODE" Local File Inclusion Issues
Cisco Security Agent SQL Injection and Directory Traversal Vulnerabilities
Gefest Web Home Server Remote Directory Traversal Vulnerability
Debian Security Update Fixes phpGroupWare Multiple Vulnerabilities
Apache Tomcat Directory Traversal and Security Bypass Vulnerabilities
DokuWiki Information Disclosure and Security Bypass Vulnerabilities
F5 Data Manager Multiple Directory Traversal Vulnerabilities
IMAGIN "writeToFile.php" Remote PHP Code Injection Vulnerability
MyBB "avatar" Parameter Processing File Enumeration Weakness
Fedora Security Update Fixes PhpLDAPadmin Local File Inclusion
Rocomotion P forum "pforum.php" Directory Traversal Vulnerability
Betsy CMS "popup" Parameter Local File Inclusion Vulnerability
Oscailt CMS "obj_id" Parameter Local File Inclusion Vulnerability
Cherokee Web Server Remote Directory Traversal Vulnerability
Basic Analysis and Security Engine Multiple Remote Vulnerabilities
Fedora Security Update Fixes Sahana File Disclosure Vulnerability
DM Albums for WordPress "delete_album" Directory Traversal Issue
TYPO3 Multiple Code Injection and Information Disclosure Vulnerabilities
PHPCMS2008 "f" Parameter Arbitrary File Disclosure Vulnerability
JD-WordPress for Joomla "mosConfig_absolute_path" Inclusion Issue
BookLibrary for Joomla "mosConfig_absolute_path" Inclusion Vulnerability
Ajax Chat for Joomla "mosConfig_absolute_path" Inclusion Vulnerability
nginx WebDAV Component Remote Directory Traversal Vulnerability
FSphp "FSPHP_LIB" Parameter Remote File Inclusion Vulnerabilities
ClearSite "cs_base_path" Parameter Remote File Inclusion Vulnerability
Aurora CMS "AURORA_MODULES_FOLDER" File Inclusion Vulnerability
phpNagios "conf[lang]" Parameter Local File Inclusion Vulnerability
OBOphiX "chemin_lib" Parameter Remote File Inclusion Vulnerability
yTNEF Multiple Buffer Overflow and Directory Traversal Vulnerabilities
Datalife Engine "dle_config_api" Parameter File Inclusion Vulnerability
Ve-EDIT Two Remote and Local File Inclusion Vulnerabilities
Kingcms "CONFIG[AdminPath]" Parameter File Inclusion Vulnerability
Agora for Joomla "action" Parameter Local File Inclusion Vulnerability
JSFTemplating FileStreamer Remote File Disclosure Vulnerability
VMware Studio Web Interface Upload Directory Traversal Vulnerability
DreamCost Multiple File Inclusion and SQL Injection Vulnerabilities
QuarkMail "tf" Parameter Processing Directory Traversal Vulnerability
TotalCalendar SQL Injection and Local File Inclusion Vulnerabilities
Moa Gallery Remote File Inclusion and File Disclosure Vulnerabilities
Infinity Remote File Disclosure and Remote SQL Injection Vulnerabilities
Vtiger CRM Code Execution and Information Disclosure Vulnerabilities
Adobe JRun Directory Traversal and Cross Site Scripting Vulnerabilities
OpenNews "username" Parameter Remote SQL Injection Vulnerability
Tenrok Command Injection and Information Disclosure Vulnerabilities
MyBackup Remote File Inclusion and Disclosure Vulnerabilities
In-Portal "env" Parameter Processing Local File Inclusion Vulnerability
ShopMaker Remote SQL Injection and Local File Inclusion Vulnerabilities
Elgg "js" Parameter Processing Local File Inclusion Vulnerability
MAXcms Remote File Inclusion and Disclosure Vulnerabilities
Arab Portal "module" Parameter Local File Inclusion Vulnerability
QuickDev "file" Parameter Remote File Disclosure Vulnerability
Netpet CMS "language" Parameter Local File Inclusion Vulnerability
ProjectButler "offset" Parameter Remote PHP File Inclusion Vulnerability
iWiccle Local File Inclusion and Remote SQL Injection Vulnerabilities
RaidenHTTPD "ulang" File Inclusion and Cross Site Scripting Issues
Meta Search Engine "url" Remote File Disclosure Vulnerability
MiniCWB "LANG" Parameter Remote File Inclusion Vulnerabilities
Cisco Unified CCX Directory Traversal and Cross Site Scripting Issues
WordPress Multiple Security Bypass and Information Disclosure Issues
Adobe ColdFusion FCKeditor File Upload and Security Bypass Issues
Zope.html FCKeditor File Upload and Information Disclosure Issues
ClanSphere FCKeditor File Upload and Information Disclosure Issues
ADbNewsSender "path_to_lang" Local File Inclusion Vulnerability
GForge FCKeditor File Upload and Information Disclosure Vulnerabilities
CMS Chainuk Multiple Code Injection and File Inclusion Vulnerabilities
PHP-Sugar "t" Parameter Processing File Disclosure Vulnerability
Kasseler CMS File Disclosure and Cross Site Scripting Vulnerabilities
Gravy Media Photo Host "file" Parameter File Disclosure Vulnerability
Campsite "g_campsiteDir" Remote and Local File Inclusion Vulnerabilities
pc4 Uploader "file" Parameter Remote File Disclosure Vulnerability
Fedora Security Update Fixes php-ZendFramework Local File Inclusion
MooFAQ Component for Joomla "file" Local File Inclusion Vulnerability
Omilen Photo Gallery for Joomla "controller" Local File Inclusion Vulnerability
OCS Inventory NG Server SQL Injection and File Disclosure Vulnerabilities
Fedora Security Update Fixes Smarty Command Injection Vulnerability
Fedora Security Update Fixes Jetty Information Disclosure Vulnerabilities
Flyspeck CMS "lang" Parameter Local File Inclusion Vulnerability
Harland Multiple Products Remote PHP Code Injection Vulnerability
Rama Zaiten CMS "file" Parameter Remote File Disclosure Vulnerability
TinyButStrong "script" Parameter File Source Disclosure Vulnerability
Dokeos Remote SQL Injection and Cross Site Scripting Vulnerabilities
openWYSIWYG Folder Listing and Image Upload Vulnerabilities
Php Recommend PHP Code Execution and Authentication Bypass Issues
Bitweaver "version" Directory Traversal Code Injection Vulnerability
QuiXplorer "lang" Parameter Handling Local File Inclusion Vulnerability
Battle Blog Administrative Interface Arbitrary File Upload Vulnerability
TinyWebGallery "lang" Parameter Local File Inclusion Vulnerability
ProjectCMS File Upload and Information Disclosure Vulnerabilities
eLitius Administrative Interface Arbitrary PHP File Upload Vulnerability
QT-cute QuickTeam "qte_web_path" and "qte_root" File Inclusion Issues
vbDrupal Cross Site Scripting and Information Disclosure Vulnerabilities
Drupal Exif Module Data Handling Cross Site Scripting Vulnerability
SAP Products cFolders Multiple Cross Site Scripting Vulnerabilities
ElkaGroup Image Gallery Arbitrary File Upload Vulnerability
Dokeos LMS "include" Parameter Local File Inclusion Vulnerability
MoinMoin "AttachFile.py" File Multiple Cross Site Scripting Vulnerabilities
FunGamez SQL Injection and Local File Inclusion Vulnerabilities
Flatnux Multiple Local File Inclusion and File Upload Vulnerabilities
Studio Lounge Address Book Arbitrary PHP File Upload Vulnerability
Multi-lingual E-Commerce System File Inclusion and Security Bypass
Novell NetStorage Information Disclosure and DoS Vulnerabilities
Apache Geronimo Cross Site Scripting and Directory Traversal Issues
Drupal Multiple Module Data Handling Cross Site Scripting Vulnerabilities
phpMyAdmin Setup Script Remote PHP Code Injection Vulnerability
ContentKeeper Command Injection and Privilege Escalation Vulnerabilities
TYPO3 Extensions Information Disclosure and Injection Vulnerabilities
phpMyAdmin HTTP Response Splitting and File Inclusion Vulnerabilities
Jinzora "name" Parameter Handling Local File Inclusion Vulnerability
Nucleus CMS Media Manager Remote Directory Traversal Vulnerability
HFS HTTP File Server Remote Directory Traversal Vulnerability
Netgear SSL312 Web Interface Remote Denial of Service Vulnerability
HP LaserJet and Digital Sender Directory Traversal Vulnerability
SiteXS "type" Parameter Handling Local File Inclusion Vulnerability
Monstar Photobase "language" Local File Inclusion Vulnerability
Openfire Cross Site Scripting and Directory Traversal Vulnerabilities
PNphpBB2 "ModName" Parameter Local File Inclusion Vulnerability
Debian Security Update Fixes phpPgAdmin Multiple Vulnerabilities
Fedora Security Update Fixes phpPgAdmin Local File Inclusion Issue
KTP Computer Customer Database CMS Multiple Vulnerabilities
Ez Ringtone Manager "id" Remote File Disclosure Vulnerability
Private Messaging System for PunBB Local File Inclusion Vulnerabilities
Dovecot ManageSieve Script Name Directory Traversal Vulnerability
Orb Requests Processing Remote Directory Traversal Vulnerability
Enthusiast "path" Parameter Handling File Inclusion Vulnerability
Cyberfolio "theme" Parameter Handling Local File Inclusion Vulnerability
Gentoo Security Update Fixes Gallery Security Bypass Vulnerabilities
MyKtools "langage" Parameter Handling Local File Inclusion Vulnerability
MyForum "padmin" Parameter Local File Inclusion Vulnerability
BuzzyWall "id" Parameter Remote File Disclosure Vulnerability
Drupal Local File Inclusion and Cross Site Scripting Vulnerabilities
PHP Easy Downloader "file" Arbitrary File Download Vulnerability
My PHP Indexer "d" and "f" Parameters File Download Vulnerability
Yerba SACphp "mod" Parameter Local File Inclusion Vulnerability
MetaGauge HTTP Request Remote Directory Traversal Vulnerability
ArabCMS "rss" Parameter Handling Local File Inclusion Vulnerability
OpenElec "obj" Parameter Handling Local File Inclusion Vulnerability
Unreal Tournament 3 WebAdmin Directory Traversal Vulnerability
TWiki Remote File Disclosure and Command Execution Vulnerability
TalkBack "language" Parameter Local File Inclusion Vulnerability
Sports Clubs Web Panel "p" Parameter Local File Inclusion Vulnerability
Apache Tomcat Cross Site Scripting and Security Bypass Vulnerabilities
CMScout "bit" Parameter Handling Local File Inclusion Vulnerability
Dokeos "include" Parameter Local File Inclusion Vulnerability
PixelPost "language_full" Parameter Local File Inclusion Vulnerability
Interact "help.php" Script Multiple Local File Inclusion Vulnerabilities
CodeDB "lang" Parameter Handling Local File Inclusion Vulnerability
Pluck Multiple Parameter Handling Local File Inclusion Vulnerabilities
Zen Cart "loader_file" and "language" Local File Inclusion Vulnerabilities
phpDatingClub "page" Parameter Local File Inclusion Vulnerability
fuzzylime CMS "file" Parameter Local File Inclusion Vulnerability
Pivot "t" Parameter Handling Remote Directory Traversal Vulnerability
mUnky "zone" Parameter Handling Local File Inclusion Vulnerability
Otomigen.X "lang" Parameter Handling Local File Inclusion Vulnerability
OneCMS "load" Parameter Handling Local File Inclusion Vulnerability
Xomol CMS SQL Injection and Local File Inclusion Vulnerabilities
WR-Meeting "msnum" Parameter Remote File Disclosure Vulnerability
Smeego "lang" Parameter Handling Local File Inclusion Vulnerability
GNU/Gallery "show" Parameter Local File Inclusion Vulnerability
Kubelance "i" Parameter Handling Local File Inclusion Vulnerability
KwsPHP "action" Parameter Handling Local File Inclusion Vulnerability
cpCommerce Local File Inclusion and Cross Site Scripting Vulnerabilities
Mole "dirn" and "fname" Parameters Remote File Disclosure Vulnerability
ChartDirector "file" Parameter Arbitrary File Disclosure Vulnerability
LinPHA "maps_type" Parameter Local File Inclusion Vulnerability
phpSpamManager "filename" Arbitrary File Disclosure Vulnerability
PowerPHPBoard Multiple Parameter Local File Inclusion Vulnerabilities
HIS WebShop "t" Parameter Arbitrary File Disclosure Vulnerability
MTS Remote Directory Traversal and Cross Site Scripting Vulnerabilities
Exero CMS "theme" Parameter Local File Inclusion Vulnerabilities
Horde Products "theme" Parameter Handling Local File Inclusion Issue
Ruby WEBrick Library Multiple Remote Directory Traversal Vulnerabilities
LightBlog "username" Parameter Local File Inclusion Vulnerability
SCI Photo Chat Server Remote Directory Traversal Vulnerability
freePHPgallery "lang" Parameter Handling Local File Inclusion Issues
XPWeb "url" Parameter Handling Arbitrary File Disclosure Vulnerability
Philips VOIP841 Directory Traversal and Cross Site Scripting Issues
SafeNet Sentinel Web Interface Remote Directory Traversal Vulnerability
phpCMS "file" Parameter Handling Arbitrary File Disclosure Vulnerability
phpMyClub "page_courante" Parameter Local File Inclusion Vulnerability
Bubbling Library "page" and "uri" Local File Inclusion Vulnerabilities
Seagull PHP Framework "files" Parameter File Disclosure Vulnerability
Aconon Mail "template" Parameter Directory Traversal Vulnerability
Liquid-Silver CMS "update" Parameter Local File Inclusion Vulnerability
SLAED CMS "newlang" Parameter Local File Inclusion Vulnerability
Gentoo Security Update Fixes TikiWiki Multiple Remote Vulnerabilities
IDMOS "fileName" Parameter Arbitrary File Download Vulnerability
OZJournals "id" Parameter Processing File Contents Disclosure Issue
Agares PhpAutoVideo File Inclusion and Cross Site Scripting Issues
Frimousse "name" Parameter Handling Arbitrary Data Disclosure Issue
BitDefender Update Server Remote Directory Traversal Vulnerability
MiniWeb HTTP Server Buffer Overflow and Directory Traversal Issues
AGENCY4NET WEBFTP "download2.php" File Disclosure and Deletion
Agares phpAutoVideo Remote and Local File Inclusion Vulnerabilities
TorrentTrader Cross Site Scripting and Local File Inclusion Vulnerabilities
     
Last 100 CVE   CVE-2020-29600
CVE-2018-1047
CVE-2017-5595
CVE-2017-5182
CVE-2017-2595
CVE-2017-1000501
CVE-2016-9878
CVE-2016-7041
CVE-2016-6517
CVE-2016-6038
CVE-2016-4988
CVE-2016-4987
CVE-2016-4986
CVE-2016-1232
CVE-2016-1231
CVE-2015-8565
CVE-2015-8564
CVE-2015-8563
CVE-2015-8562
CVE-2015-8105
CVE-2015-7816
CVE-2015-7815
CVE-2015-7683
CVE-2015-7682
CVE-2015-7670
CVE-2015-7669
CVE-2015-7668
CVE-2015-7667
CVE-2015-7666
CVE-2015-7377
CVE-2015-7357
CVE-2015-7319
CVE-2015-6535
CVE-2015-6238
CVE-2015-5638
CVE-2015-5531
CVE-2015-5472
CVE-2015-5471
CVE-2015-5469
CVE-2015-5461
CVE-2015-5174
CVE-2015-4616
CVE-2015-4614
CVE-2015-4527
CVE-2015-4289
CVE-2015-4109
CVE-2015-4075
CVE-2015-4074
CVE-2015-4073
CVE-2015-4072
CVE-2015-4071
CVE-2015-4040
CVE-2015-3337
CVE-2015-3173
CVE-2015-2121
CVE-2015-1977
CVE-2015-1830
CVE-2015-1493
CVE-2015-0779
CVE-2015-0666
CVE-2014-9707
CVE-2014-9389
CVE-2014-9304
CVE-2014-9181
CVE-2014-9155
CVE-2014-8799
CVE-2014-8019
CVE-2014-6182
CVE-2014-5370
CVE-2014-5368
CVE-2014-4844
CVE-2014-3777
CVE-2014-2324
CVE-2014-1619
CVE-2014-0754
CVE-2013-7448
CVE-2013-7240
CVE-2013-7174
CVE-2013-7139
CVE-2013-7138
CVE-2013-6987
CVE-2013-6226
CVE-2013-5528
CVE-2013-3515
CVE-2013-2117
CVE-2013-1084
CVE-2013-1082
CVE-2013-1081
CVE-2012-6665
CVE-2012-5972
CVE-2012-5700
CVE-2012-5687
CVE-2012-4920
CVE-2012-4867
CVE-2012-4680
CVE-2012-4506
CVE-2012-3588
CVE-2012-3448
CVE-2012-2209
CVE-2012-2208
     
Action   Block
     
Alarm level   Major