CVE-2020-36560 Path traversal in github.com/artdarek/go-unzip
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
CVE-2018-25046 Path traversal in code.cloudfoundry.org/archiver
Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...
GHSA-6MV3-WM7J-H4W5 Tauri Filesystem Scope Glob Pattern is too Permissive
Impact: The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Example: The fs scope $HOME/*.key would also allow $HOME/.ssh/secret.key to be read even though it is in a sub director...
PT-2022-27935 · Roxio · Roxio Creator Ljb
Name of the Vulnerable Software and Affected Versions: Roxio Creator LJB version 12.2 build number 106B62B Roxio Creator LJB version 12.2 build number 106B63A Roxio Creator LJB version 12.2 build number 106B69A Roxio Creator LJB version 12.2 build number 106B71A Roxio Creator LJB version 12.2 bui...
CVE-2022-32833
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...
Code injection
An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history...
CVE-2022-32833
CVE-2022-32833 describes an issue with the file paths used to store website data on Apple iOS. The root cause is an insecure handling of website data paths, which could allow an unauthenticated user to access browsing history. The vulnerability is mitigated by Apple’s fix in iOS 16. Connected sou...
File (Field) Paths - Moderately critical - Access bypass - SA-CONTRIB-2022-065
The File Field Paths module extends the default functionality of Drupal's core File module, by adding the ability to use entity-based tokens in destination paths and file names. The module's default configuration could temporarily expose private files to anonymous visitors. Important note: to fix...
ILIAS Security Vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS eLearning platform versions prior to 7.16 that stems from allowing external control over file names or paths...
CVE-2022-41158
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
CVE-2022-41158 eyoom builder Remote Code Execution Vulnerability
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code...
PT-2022-25687 · Eyoom Co. +1 · Eyoom Builder
Name of the Vulnerable Software and Affected Versions: Builder program affected versions not specified Description: The issue allows for remote code execution by utilizing cookie values as paths to a file. This can be exploited by a remote attacker to execute or inject malicious code...
Arbitrary Code Execution
jupyter_core is vulnerable to arbitrary code execution. The vulnerability exists in the config_file_paths function in application.py which executes untrusted files in the current working directory, allowing one user to run code as another...
Information disclosure
The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity ShareLinkActivity.kt to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachment...
PT-2022-21508 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16 Description: An issue existed with the file paths used to store website data, potentially allowing an unauthorized user to access browsing history. The issue was resolved by improving how website data is stored and by...
Path Traversal
streamlit is vulnerable to path traversal. The vulnerability exists in get function in ComponentRequestHandler due to improper handling of component requests outside the root directory which allows an attacker to access and overwrite the files by sending a malicious URL with file paths...
CVE-2022-35918 Streamlit directory traversal vulnerability
Streamlit is a data-oriented application development framework for Python. Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially othe...
CVE-2022-36890
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...