705 matches found
CVE-2020-9922
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files...
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it...
CVE-2020-18439
An issue was discovered in function editsavef in framework/admin/tplcontrol.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell...
CVE-2020-16629
PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path...
CVE-2018-1002207
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2018-1002203
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ dot dot slash in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'...
CVE-2019-10665
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-14411
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI SEC-473...
CVE-2018-12036
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...
CVE-2010-3102
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." dot dot backslash in a filename...
CVE-2010-3103
Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." dot dot backslash in a filename...
CVE-2010-3104
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a ".." dot dot backslash in a filename...
CVE-2011-5291
The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in the first argument...
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority...
CVE-2025-1712
Argument injection in special agent configuration in Checkmk 2.4.0p1, 2.3.0p32, 2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files...
CVE-2025-47273
A flaw was found in the setuptools Python package, specifically within its PackageIndex component. This flaw allows for path traversal, enabling an attacker to write files to arbitrary locations on the filesystem. Successful exploitation could lead to data integrity compromise or system compromis...
PT-2025-21795
Name of the Vulnerable Software and Affected Versions: setuptools versions prior to 78.1.1. Description: A path traversal vulnerability in PackageIndex was found in setuptools. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process...
CVE-2025-4632
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority...