25 matches found
CVE-2026-33195
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#path_for does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...
CVE-2024-46916
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, ...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the ResetUserAvatar function in the API component when processing the filename argument. An attacker can overwrite or delete arbitrary files on the server by supplying crafted path values. Details: A Directory...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2023-49797
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...
SUSE SLES15: libnss_slurm2_22_05 / libpmi0_22_05 / libslurm38 / perl-slurm_22_05 / etc (SUSE-SU-2023:4581-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4581-1 advisory. - CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire...
CVE-2023-41914
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files...
Design/Logic Flaw
The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...
GHSA-CF55-RQ8X-HM6F Path Traversal in Dutchcoders transfer.sh
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files...
Red Hat Certification Access Control Error Vulnerability
Red Hat Certification is a software package from Red Hat USA. An access control error vulnerability exists in Redhat redhat-certification 7 that stems from the component not restricting access to files in the update results page. An attacker could exploit this vulnerability to delete any file...
CVE-2021-33497
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files...
CVE-2021-33497
CVE-2021-33497 affects Dutchcoders transfer.sh up to version 1.2.3, where a directory-traversal vulnerability in file handling allows deletion of arbitrary files. The issue stems from unvalidated/unsanitized input and leads to potential unauthorized file removal. A fixed release, transfer.sh 1.2...
PT-2021-20159 · Dutchcoders · Transfer.Sh
Name of the Vulnerable Software and Affected Versions: Dutchcoders transfer.sh versions prior to 1.2.4 Description: The issue allows Directory Traversal, which can be used for deleting files. This can potentially lead to unauthorized access and modification of sensitive data. Recommendations: For...
CVE-2020-7281 Privilege Escalation vulnerability in McAfee Total Protection (MTP)
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious...
CVE-2020-11701
ProVide (formerly zFTPServer) up to version 13.1 contains a CSRF vulnerability in the User Web Interface that allows an attacker to grant filesystem access to the public for uploading and deleting files and directories. The issue is described across multiple sources (NVD entry CVE-2020-11701 and ...
CVE-2020-11701
An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting files and directories...