16 matches found
BIT-PYTHON-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
OESA-2024-2304 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
Delta Electronics DIAEnergie Path Traversal Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. A path traversal vulnerability exists in Delta Electronics DIAEnergie, which can be exploited by an attacker to write an arbitrary file on the system by sending a specially crafted URL...
Adobe RoboHelp Security Vulnerability
Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. A path traversal vulnerability exists in Adobe RoboHelp Server, which can be exploited by an attacker to execute arbitrary code on the system by sending a specially crafted URL request that contains...
NCH Axon PBX Path Traversal Vulnerability
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The NCH Axon PBX has a security vulnerability that could be exploited to send a constructed URL request to the logdelete function, which contains the "dot-dot" sequence in the file parameter /... /. to vie...
CVE-2021-20511
CVE-2021-20511 affects IBM Security Verify Access Docker 10.0.0. A path traversal flaw allows a remote attacker to view arbitrary files by sending a crafted URL containing ../ sequences, effectively exposing system files. The IBM security bulletin confirms the vulnerability and provides a remedia...
The vulnerability in the Zyxel VMG1312-B10D router's firmware arises from deficiencies in the checking of path names for access-limited directories. This vulnerability allows attackers to gain access to protected information.
The vulnerability in the Zyxel VMG1312-B10D router firmware is related to deficiencies in the checking of path names for restricted-access directories. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information by using a specially...
GHSA-89GC-6CW6-4VCH Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...
lab6.brit95 Path Traversal Vulnerability
lab6.brit95 is a file server. A path traversal vulnerability exists in lab6.brit95. An attacker can exploit this vulnerability to gain access to the file system by placing a '... /' sequence in a URL to gain access to the file system...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...
PT-2007-1918 · Apache +2 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server and Tomcat versions prior to 5.5.22 and 6.0.10 Tomcat versions prior to 5.5.22 and 6.0.10 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) ...
CVE-2006-6284
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter...
CVE-2006-5205
Vulnerability CVE-2006-5205 affects Invision Gallery 2.0.7. A directory traversal flaw allows remote attackers to read arbitrary files via a .. sequence in the dir parameter when using the viewimage command in the gallery module (index.php and forum/index.php). Public exploit references exist (Ex...
DEBIAN-CVE-2006-2658
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request...
DEBIAN-CVE-2005-2874
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request...
DEBIAN-CVE-2002-1425
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted...