33 matches found

RedhatCVE
added 2025/03/23 12:27 a.m., 18 views

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...

CVSS 6.5, AI score 6.8, EPSS 0.00442
Exploits: 1, References: 1

NVD
added 2025/03/21 6:15 a.m., 9 views

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...

CVSS 6.5, EPSS 0.00442
Exploits: 1, References: 1

OSV
added 2025/03/21 6:15 a.m., 4 views

CVE-2025-30343

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file o...

CVSS 6.5, AI score 7
Exploits: 0, References: 1

CVE
added 2025/03/21 12:0 a.m., 65 views

CVE-2025-30343

Summary: CVE-2025-30343 affects OpenSlides prior to version 4.2.5. Vulnerability: A directory traversal issue in the file upload and ZIP-download feature allows a crafted file/folder title (e.g., ../../../etc/passwd) to be treated as a path during ZIP generation, which may lead to overwriting fil...

CVSS 6.5, AI score 3.9, EPSS 0.00442
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2025/01/08 5:15 p.m., 0 views

UBUNTU-CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function...

CVSS 6.5, AI score 7.2, EPSS 0.00221
Exploits: 0, References: 5

CNNVD
added 2023/04/28 12:0 a.m., 3 views

Cauldron Development cbang Path Traversal Vulnerability

Cauldron Development cbang is a C++ utility library from Cauldron Development. A security vulnerability exists in Cauldron Development cbang bastet-v8.1.17 and earlier, which stems from the presence of directory traversal. An attacker can exploit this vulnerability to create or write files outsid...

CVSS 7.5, AI score 7.3, EPSS 0.00989
Exploits: 1, References: 3

Vulnrichment
added 2023/04/28 12:0 a.m., 7 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

AI score 7.4, EPSS 0.00989
Exploits: 1, References: 2

CNVD
added 2021/07/01 12:0 a.m., 7 views

Google TensorFlow Arbitrary File Overwrite Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an arbitrary file overwrite vulnerability, which originates from an issue caused when tf.keras.utils.get_file is used with extract=True, and can be exploited by an...

CVSS 9.1, AI score 6.8, EPSS 0.01864
Exploits: 0, References: 1

CNNVD
added 2021/03/02 12:0 a.m., 2 views

Joomla Path Traversal Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A path traversal vulnerability exists in Joomla! 3.0.0 - 3.9.24. An attacker can...

CVSS 5.5, AI score 5.7, EPSS 0.01161
Exploits: 0, References: 3

Tenable Nessus
added 2016/08/16 12:0 a.m., 26 views

Debian DLA-596-1 : extplorer security update

It was discovered that there was an archive traversal exploit in eXtplorer, a web-based file manager. The unzip/extract feature allowed for path traversal as decompressed files can be placed outside of the intended target directory if the archive content contained '../' characters. For Debian 7...

CVSS 7.8, AI score 7, EPSS 0.08679
Exploits: 5, References: 3

OSV
added 2016/07/25 2:59 p.m., 6 views

CVE-2016-6289

Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a Z...

CVSS 7.8, AI score 9.2
Exploits: 0, References: 13

OSV
added 2016/05/16 10:59 a.m., 12 views

CVE-2016-2554

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive...

CVSS 9.8, AI score 8.3
Exploits: 0, References: 10

securityvulns
added 2006/07/25 12:0 a.m., 71 views

[Full-disclosure] [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities

vuln.sg Vulnerability Research Advisory: DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities, by Tan Chew Keong. Release Date: 2006-07-25. Summary: Some vulnerabilities have been found in DynaZip DZIP32.DLL/DZIPS32.DLL. When exploited, the vulnerabilities allow execution of arbitrar...

AI score 2.6
Exploits: 0