Lucene search
K

24 matches found

Snyk
Snyk
added 2026/06/10 11:12 p.m.7 views

Directory Traversal

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 1:3 p.m.14 views

EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS6AI score0.00455EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 12:25 p.m.42 views

CVE-2026-3366 InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read

IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...

7.5CVSS0.00596EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 8:50 p.m.15 views

CVE-2026-40923

CVE-2026-40923 affects Tekton Pipelines. Before v1.11.1, a validation bypass in the VolumeMount path restriction lets mounting volumes under restricted /tekton/ paths by exploiting .. path traversal components. The check relies on strings.HasPrefix instead of filepath.Clean, allowing inputs like ...

5.4CVSS5.8AI score0.0022EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25856

Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...

6.5CVSS5.8AI score0.00387EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/03 6:54 p.m.3 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the gateway plugin authentication. An attacker can gain unauthorized access to protected API channel routes by sending requests with encoded dot-segment traversal ...

9.3CVSS6.2AI score0.00433EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 4:15 p.m.7 views

CVE-2024-51453

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/21 12:0 a.m.7 views

PT-2024-10551 · Unknown · Tftp Server +1

Name of the Vulnerable Software and Affected Versions: Distinct Intranet Servers versions 3.10 and earlier Description: The issue allows remote attackers to read or write arbitrary files via a .. dot dot in the 1 get or 2 put commands. This is due to multiple directory traversal vulnerabilities i...

9.1CVSS7.6AI score0.29539EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2023/08/29 9:23 a.m.4 views

librsvg: Arbitrary file read when xinclude href has special characters

A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...

5.5CVSS5.9AI score0.02132EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.5 views

Rockwell Automation ThinManager 路径遍历漏洞

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. An input validation error vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be...

9.1CVSS7.4AI score0.78093EPSS
Exploits1References3
OSV
OSV
added 2023/03/01 10:15 p.m.5 views

CVE-2020-5001

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 192953...

7.5CVSS5.9AI score0.01019EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.5 views

SUSE CVE-2010-4651

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. dot dot or full pathname, a related issue to CVE-2010-1679...

5.8CVSS7.1AI score0.04834EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2022/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-7254

Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. dot dot in an icon/ URI...

5CVSS5.9AI score0.27528EPSS
Exploits2References1
OSV
OSV
added 2021/08/10 11:15 p.m.7 views

DEBIAN-CVE-2021-38511

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...

7.5CVSS7.5AI score0.01392EPSS
Exploits1References1
OSV
OSV
added 2019/09/30 4:15 p.m.3 views

CVE-2019-4423

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 162769...

5.3CVSS6.2AI score0.02675EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/08/20 12:0 a.m.4 views

PT-2019-17093 · Ibm · Ibm Api Connect

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on t...

7.5CVSS5AI score0.02569EPSS
Exploits0References4
OSV
OSV
added 2018/04/03 12:0 a.m.4 views

UBUNTU-CVE-2018-6914

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...

7.5CVSS6.8AI score0.10552EPSS
Exploits0References5
OSV
OSV
added 2017/01/30 4:59 a.m.5 views

CVE-2016-10183

An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal...

7.5CVSS5.8AI score0.05596EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2009/12/03 12:0 a.m.4 views

PT-2009-6358 · Golden Ftp Server · Golden Ftp Server

Name of the Vulnerable Software and Affected Versions: Golden FTP Server versions 4.30 through 4.50 Description: The issue allows remote authenticated users to delete arbitrary files via a .. dot dot in the DELE command. This is a directory traversal vulnerability. Recommendations: For Golden FTP...

8.1CVSS7.8AI score0.03444EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2009/11/16 3:44 p.m.3 views

OpenJDK ICC_Profile file existence detection information leak (6631533)

Directory traversal vulnerability in the ICCProfile.getInstance method in Java Runtime Environment JRE in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium ICC profile files via a .. dot...

5CVSS5.9AI score0.03751EPSS
Exploits1References4
Rows per page
Query Builder