Path Traversal | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Losing control over Schneider's EcoStruxure Control Expert	RCE Path Traversal Security Code Review	Schneider Electric	Ruben Santamarta (@Reversemode)
Parallels Desktop Toolgate Vulnerability	Path Traversal Arbitrary File Write Security Code Review Thick Client	Parallels	Alexandre Adamski (@NeatMonster_)
Directory Traversal and LFI worth $400	Path Traversal	Undisclosed	Hritik Thapa
How I Earned $$$ for Excessive Data Exposure Through Directory Traversal Leads to Product Price Manipulation	Path Traversal Information Disclosure Payment Bypass	Undisclosed	Mohamed Shibil
Escaping well-configured VSCode extensions (for profit)	Electron Webview Path Traversal	Microsoft	Vasco Franco
Escaping misconfigured VSCode extensions	Path Traversal DNS Rebinding XSS HTML Injection Webview CSP Bypass	Microsoft (SARIF Viewer & Live Preview)	Vasco Franco
Multiple vulnerabilities in Nokia BTS Airscale ASIKA	Base Transceiver Station Path Traversal Hardcoded Private Key Local Privilege Escalation Security Misconfiguration	Nokia	Geoffrey Bertoli (@YofBalibump) Lena David (@_Lemeda)
What the Vuln: Zimbra	Zip Slip Attack Path Traversal	Undisclosed	Carlos Yanez
Unauthenticated Configuration Export in Multiple WAGO Products	Path Traversal Security Code Review	WAGO	ONEKEY (@Onekey_sec)
Remote Command Execution in binwalk	RCE Path Traversal Security Code Review	ReFirm Labs (Binwalk) Ubi_reader Jefferson Yaffshiv	Quentin Kaiser (@QKaiser)
Using 0days to Protect the United Nations	RCE Authentication Bypass Path Traversal	United Nations	Florian Hauser (@Frycos)
PandoraFMS - Pre-Auth Remote Code Execution	RCE Path Traversal Arbitrary File Upload LFI Security Code Review	PandoraFMS	Esj4y (@Esj4y)
How I found multiple critical bugs in Red Bull	Authentication Bypass HTTP Response Manipulation Path Traversal LFI XSS SQL Injection RCE Unrestricted File Upload RFI Security Code Review	Red Bull	Bartłomiej Bergier (@_Bergee_)
The OWASSRF + TabShell exploit chain	SSRF Path Traversal Sandbox Escape	Microsoft	Rskvp93 (@Rskvp93) Q5Ca (@_Q5ca) Nxhoang99 (@Nxhoang99)
Directory Traversal Vulnerability in Huawei HG255s Products	Path Traversal	Huawei	Ismail Tasdelen
CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution	Websockets RCE Arbitrary File Write Path Traversal	OnlyOffice	Iain Wallace (@Strawp)
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability	Zip Slip Attack Path Traversal Source Code Disclosure	Drupal	Egidio Romano / EgiX
Path Traversal Vulnerability in Payara Platform	Path Traversal	Payara	Michael Baer
Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server	RCE OS Command Injection Path Traversal Local Privilege Escalation	LiteSpeed	Artur Avetisyan (@3v1LMonk3y)
Directory traversal in PDF viewing application. Leading to full database takeover	Path Traversal	Undisclosed	Tom Wrinn
Practical Client Side Path Traversal Attacks	Path Traversal Client-Side Path Traversal Open Redirect CSS Injection	Acronis	Medi (@Medi_0ne)
CVE-2022-22241: Juniper SSLVPN / JunOS RCE and Multiple Vulnerabilities	RCE Phar Deserialization Reflected XSS XPATH Injection Path Traversal LFI	Juniper	Paulos Yibelo (@PaulosYibelo)
Remote Code Execution in Melis Platform	RCE Path Traversal Insecure Deserialization Security Code Review	Melis Platform	Karim El Ouerghemmi Thomas Chauchefoin (@Swapgs)
Toner Deaf – Printing your next persistence (Hexacon 2022)	Path Traversal Arbitrary File Write RCE Printer Hacking	Lexmark	Alex Plaskett (@Alexjplaskett) Cedric Halbronn (@Saidelike)
It’s the Little Things : Breaking an AI	Path Traversal	Undisclosed	Debangshu Kundu (@Debangshu_kundu) Rajesh (@_Rajesh_ranjan_)

Page 3 of 6