13 matches found
Improper Directory Validation
@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders e.g., .claude and create or modify files...
CVE-2026-25722
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
PT-2026-6853
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...
CVE-2020-14149
In uftpd before 2.12, handleCWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command...
CVE-2025-4844
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...
CVE-2025-3726
A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the publi...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is a lightweight FTP server software that provides basic file transfer functionality. PCMan FTP Server suffers from a buffer overflow vulnerability that stems from the CD Command Handler component failing to properly validate input data when processing a specific request. An...
PCMan FTP Server Security Vulnerability
PCMan FTP Server is an open-source FTP server software suite from PCMan. It suffers from a buffer overflow vulnerability that stems from the CDUP Command Handler not checking the input for valid length when processing CDUP commands. No details of the vulnerability are provided at this time...
Sak1To-Shell - Multi-threaded C2 Server And Reverse Shell Client Written In Pure C
Multi-threaded c2 server and reverse TCP shell client written in pure C Windows. Command list: list: list available connections. interact id: interact with client. download filename: download a file from client. upload filename: upload a file to client. background: background client. exit:...
UBUNTU-CVE-2019-11503
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir to the current working directory of the calling user, aka a "cwd restore permission bypass."...
capsh: does not chdir after chroot
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors...
vsftpd: memory leak when deny_file option is set
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an...
Webalizer Cross Site Scripting Vulnerability
Webalizer has a cross-site scripting vulnerability that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. OpenVAS Vulnerability Test $Id: webalizer.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Webalizer Cross Site Scripting Vulnerability Authors:...