37 matches found
Path Traversal
React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...
CVE-2025-61686
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...
CVE-2025-61686 React Router has Path Traversal in File Session Storage
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...
CVE-2025-61686 React Router has Path Traversal in File Session Storage
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...
react-router 路径遍历漏洞
react-router is an open source declarative routing for React by Remix. A path traversal vulnerability exists in react-router that stems from the fact that when using an unsigned cookie, a session may attempt to read from or write to a location outside of the specified session file directory...
Directory Traversal
Overview @remix-run/node is a Node.js platform abstractions for Remix Affected versions of this package are vulnerable to Directory Traversal via the createFileSessionStorage function. An attacker can access or modify files outside the intended session file directory by crafting a malicious sessi...
GHSA-9583-H5HC-X8CW React Router has Path Traversal in File Session Storage
If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...
React Router has Path Traversal in File Session Storage
If applications use createFileSessionStorage from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 – Apache Tomcat RCE Exploit Descrição ---------...
CVE-2024-45416
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...
CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling
Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...
SUSE CVE-2011-2472
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. dot dot in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760...
SUSE CVE-2011-2473
The dodumpdata function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opdpipe file, a different vulnerability than CVE-2011-1760...
GHSA-76X8-GG39-5JJG CherryPy Malicious cookies allow access to files outside the session directory
Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
openSUSE Security Update : lightdm (openSUSE-SU-2012:0354-1)
update to version 1.0.9 - stop file descriptors leaking into the session processes bnc745339, lp927060, CVE-2012-1111 - fix compilation against gthread - change session directory once user permissions are set so it works on NFS filesystems that don't allow root to access files - fix object...
elgg <= 1.5 (/_css/js.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================= elgg dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename...
Uebimiau Session Directory Disclosure
Uebimiau in default installation create one temporary folder to store SPDX-FileCopyrightText: 2005 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...