15 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in state-changing routes. An attacker can upload or delete files, create directories, and remove access control policies by sending unauthenticated requests to endpoints such as...
EUVD-2025-200288
EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the /api/images endpoint...
CVE-2025-65844
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary...
EUVD-2002-1075
Malware in sbrugna...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the use of the os.MkdirAll function, which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
CVE-1999-0960
IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option...
SUSE CVE-2010-3867
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK...
PT-2021-17743 · Netflix · Netflix Oss Hollow
Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow (affected versions not specified). Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.exists(parent) check is performed before creating the directories. Furthermore, the use...
FTP Voyager Scheduler Cross-Site Request Forgery Vulnerability
FTP Voyager Scheduler is a program that starts or stops the scheduler when a user creates a directory or uploads or downloads a file by creating a task or command. A cross-site request forgery vulnerability exists in FTP Voyager Scheduler that stems from a failure to properly validate HTTP...
CVE-2016-8565
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets...
CVE-2010-3867
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK...
CVE-2007-6317
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ do...
Directory traversal
Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME...
CVE-2002-1083
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences...
CVE-2002-1083
CVE-2002-1083 (ezContents) : A directory traversal vulnerability affects ezContents 1.41 and earlier. The issue allows remote attackers to trigger filesystem access through directory traversal sequences (".."), enabling (1) creation of subdirectories via the Maintain Images:Add New:Create Subdire...