CWE-22

There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.

Microsoft MSHTML Remote Code Execution Vulnerability

Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.

htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component viewsbackup.html.php.

e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the “GET /..” substring.