CWE-22

A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions = V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.