68 matches found

OSV
added 2024/11/18 4:15 p.m. · 1 view

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVSS 7.8 · AI score 5.9 · EPSS 0.00083
Exploits: 0 · References: 2

NVD
added 2024/11/18 4:15 p.m. · 15 views

CVE-2020-26074

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVSS 7.8 · EPSS 0.00083
Exploits: 0 · References: 2

Cvelist
added 2024/11/18 3:56 p.m. · 13 views

CVE-2020-26074 Cisco SD-WAN vManage Privilege Escalation Vulnerability

A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An...

CVSS 7.8 · EPSS 0.00083
Exploits: 0 · References: 2

Snyk
added 2024/11/06 4:29 p.m. · 2 views

Directory Traversal

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal due to the improper handling of file paths in the processing_utils.async_move_files_to_cache function. An attacker can read arbitrary...

CVSS 8.2 · AI score 7.7 · EPSS 0.00275
Exploits: 1 · References: 2

Snyk
added 2024/10/11 3:30 p.m. · 1 view

Directory Traversal

Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Directory Traversal through the lollmsfilesystem.py file. An attacker can manipulate file paths to access or modify files outside of the intended directories by supplying maliciou...

CVSS 4.6 · AI score 7.7 · EPSS 0.00027
Exploits: 1 · References: 2

GithubExploit
added 2024/09/25 8:11 a.m. · 134 views

Exploit for CVE-2024-48589

phpAbook 9.0i - Cross-Site Scripting (XSS) Vulnerability CVE-...

CVSS 6.3 · AI score 5.7 · EPSS 0.07543
Exploits: 1

OSV
added 2024/03/06 10:59 a.m. · 39 views

BIT-NODE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...

CVSS 9.8 · AI score 8.4 · EPSS 0.00521
Exploits: 0 · References: 5

OSV
added 2024/01/22 9:15 p.m. · 2 views

CVE-2024-23678

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows...

CVSS 8.8 · AI score 5.8 · EPSS 0.00084
Exploits: 0 · References: 2

Tenable Nessus
added 2024/01/22 12:0 a.m. · 45 views

Splunk Enterprise 9.0.0 < 9.0.8, 9.1.0 < 9.1.3 (SVD-2024-0108)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2024-0108 advisory. - In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input dat...

CVSS 8.8 · AI score 8.1 · EPSS 0.00084
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/18 12:0 a.m. · 2 views

PT-2024-1283 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3. Description: The issue is related to the incorrect sanitization of path input data, resulting in the unsafe deserialization of untrusted data from a separate disk partition on the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00084
Exploits: 0 · References: 14

Positive Technologies
added 2023/12/18 12:0 a.m. · 3 views

PT-2023-32569 · WordPress · Quttera Web Malware Scanner

Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner WordPress plugin versions prior to 3.4.2.1. Description: The issue concerns a lack of validation for user input used in a path. This could potentially allow users with an admin role to perform path traversal attacks...

CVSS 7.2 · AI score 9.6 · EPSS 0.0036
Exploits: 2 · References: 5

SUSE CVE
added 2023/02/15 3:24 a.m. · 1 view

SUSE CVE-2022-35949

undici is an HTTP/1.1 client, written from scratch for Node.js. undici is vulnerable to SSRF (Server-side Request Forgery) when an application takes in user input into the path/pathname option of undici.request. If a user specifies a URL such as http://127.0.0.1 or //127.0.0.1 js const undici =...

CVSS 6.5 · AI score 9.2 · EPSS 0.0039
Exploits: 1 · References: 7

OSV
added 2022/07/27 10:8 a.m. · 1 view

USN-5251-1 gegl vulnerability

It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system function for execution of the ImageMagick convert command. An attacker could possibly use this to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.02091
Exploits: 0 · References: 2

OSV
added 2022/06/27 9:15 a.m. · 2 views

CVE-2022-1953

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...

CVSS 9.1 · AI score 5.9 · EPSS 0.03888
Exploits: 1 · References: 1

ATTACKERKB
added 2022/05/25 4:15 p.m. · 0 views

CVE-2022-30427

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal...

CVSS 7.5 · AI score 7.1 · EPSS 0.00317
Exploits: 1 · References: 2

OSV
added 2022/05/25 4:15 p.m. · 5 views

CVE-2022-30428

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading...

CVSS 7.5 · AI score 5.9 · EPSS 0.00279
Exploits: 1 · References: 1

OSV
added 2022/05/25 4:15 p.m. · 1 view

CVE-2022-30427

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2022/05/25 12:0 a.m. · 2 views

ginadmin Path Traversal Vulnerability

ginadmin is a backend administration platform built on the Gin framework for individual GPER developers in China. A security vulnerability exists in ginadmin 05-10-2022 and earlier versions, which results in directory traversal due to an unfiltered incoming path value...

CVSS 7.5 · AI score 7.3 · EPSS 0.00317
Exploits: 1 · References: 3

Github Security Blog
added 2022/05/17 1:22 a.m. · 16 views

zend-diactoros Cross-site Scripting (XSS)

Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks...

CVSS 6.1 · AI score 6 · EPSS 0.00239
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/02/09 11:15 p.m. · 0 views

UBUNTU-CVE-2022-0391

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVSS 7.5 · AI score 6.8 · EPSS 0.01214
Exploits: 1 · References: 6