CWE-22

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.

Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.

Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.