A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user’s system anywhere that the user has permissions.
CWE-22
CVE-2020-10634
In the SAE IT-systems FW-50 Remote Telemetry Unit (RTU), a specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the control of WebAccess/NMS (versions prior to 3.0.2).
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the control of WebAccess/NMS (versions prior to 3.0.2).
CVE-2020-10564
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call.
CVE-2020-10579
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.