Directory Traversal in scott-blanch-weather-app
Affected versions of scott-blanch-weather-app resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
Directory Traversal in serverzyy
Affected versions of serverzyy resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
GHSA-M362-87JC-F39V Directory Traversal in uv-tj-demo
Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
GHSA-CCW5-7VFH-P5HM Directory Traversal in dmmcquay.lab6
Affected versions of dmmcquay.lab6 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal in wind-mvc
Affected versions of wind-mvc resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
Directory Traversal in dylmomo
Affected versions of dylmomo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
Directory Traversal in weather.swlyons
Affected versions of weather.swlyons resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
GHSA-XPQW-FQPW-35FC Directory Traversal in wangguojing123
Affected versions of wangguojing123 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
GHSA-G87G-4X3W-F8JP Directory Traversal in serverwzl
Affected versions of serverwzl resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
Directory Traversal in tiny-http
Affected versions of tiny-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Example...
CVE-2020-15640
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl...
Updated ark packages fix security vulnerability
A maliciously crafted archive with "../" in the file paths would install files anywhere in the user's home directory upon extraction (CVE-2020-16116)...
Directory Traversal
Apache hyracks-control is vulnerable to directory traversal. Lack of validation of file paths within an archive allows an attacker to write files outside of the UDF deployment folder...
CVE-2020-12027
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...
Design/Logic Flaw
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...
CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all...
CVE-2020-7664
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
Code injection
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
Code injection
In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...
GOG Galaxy Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-25692)
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A privilege, permission and access control vulnerability exists in GOG Galaxy version 1.2.x prior to 1.2.62 and version 2.0.x prior to 2.0.12. An...