- Directory traversal vulnerability in Adobe ColdFusion 9.0.1 and earlier allows attackers to obtain sensitive information. The vulnerability is a variation of a classic directory traversal vulnerability, also referred to as 'arbitrary file retrieval'. The attack involves tricking a server-side script to provide the contents of a file that it was not originally supposed to be made available. By 'moving up' a few directory levels, the attacker is able to obtain the contents of files outside the application server's webroot via special strings such as '../'.
- Apply the fix provided by Adobe. Check Web References.
- WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)
- WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.12)
- WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.9.0)
- Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)
- NSS Library SSL v.2.0 remote command execution