CVE-2023-40216

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...

CVE-2018-9850

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request...

CVE-2018-18485

An issue was discovered in PHPSHE 1.7. admin.php?mod=db=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock...

CVE-2009-4053

Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to 1 create arbitrary directories via directory traversal sequences in an MKD command or 2 create files with any contents in arbitrary directories via directory traversal sequences in a fil...

CVE-2009-4383

Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors...

CVE-2009-4050

Directory traversal vulnerability in getfile.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2010-0002

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LSOPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename...

CVE-2010-0801

Directory traversal vulnerability in the AutartiTarot comautartitarot component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to...

CVE-2003-1582

Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

CVE-2022-31794

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 Control Center devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hwview.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons,...

CVE-2023-43044

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...

CVE-2022-42472

A improper neutralization of crlf sequences in http headers 'http response splitting' in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10,...

CVE-2025-23119

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution RCE by a malicious actor with access to UniFi Protect Cameras adjacent network...

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

Directory Traversal

Overview @remix-run/deno is a Deno platform abstractions for Remix Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a malicious session...

Directory Traversal

Overview @remix-run/node is a Node.js platform abstractions for Remix Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a malicious sessi...

Directory Traversal

Overview @react-router/node is a Node.js platform abstractions for React Router Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a...

Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability

Summary IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or...

CVE-2025-15382

A heap buffer over-read vulnerability exists in the wolfSSHCleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...