Path Traversal Vulnerabilities

Accipiter DirectServer

This path traversal flaw could be exploited by placing URL-encoded dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/9389 .

Alibaba

This path traversal flaw could be exploited by placing simple dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/270 .

Cisco ACS Acme.server

This path traversal flaw could be exploited by adding slashes after the host-name in a URL. This caused the web server to retrieve files from the root of the server file system. For more information about this flaw, see www.ciac.org/ciac/bulletins/m-097.shtml .

McAfee EPolicy Orcestrator

This product used a POST request to upload user-supplied data and write this to a user-supplied location. An arbitrary file anywhere on the file system could simply be specified in the request. For more information about this flaw, see www.securityfocus.com/bid/18979 .