CWE-22

In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-130656917

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(‘local_file:///etc/passwd’) call.

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.