11 matches found
PT-2026-40616
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...
CVE-2020-12265
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...
openSUSE: Security Advisory for salt (SUSE-SU-2024:0509-1)
The remote host is missing an update for the...
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Impact: Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Explanation of the vulnerability: The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory...
GHSA-6324-52PR-H4P5 Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Impact: Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Explanation of the vulnerability: The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
[SECURITY] Fedora 36 Update: golang-github-gobuffalo-here-0.6.2-6.fc36
Here will get you accurate Go information about the directory of package requested...
[SECURITY] Fedora 36 Update: golang-github-gobuffalo-here-0.6.2-5.fc36
Here will get you accurate Go information about the directory of package requested...
Downloads Resources over HTTP
Overview: Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
CVE-2016-4526
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory...
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...