24 matches found
Directory Traversal
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
EUVD-2026-33305
WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...
CVE-2026-3366 InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...
CVE-2026-40923
CVE-2026-40923 affects Tekton Pipelines. Before v1.11.1, a validation bypass in the VolumeMount path restriction lets mounting volumes under restricted /tekton/ paths by exploiting .. path traversal components. The check relies on strings.HasPrefix instead of filepath.Clean, allowing inputs like ...
PT-2026-25856
Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the gateway plugin authentication. An attacker can gain unauthorized access to protected API channel routes by sending requests with encoded dot-segment traversal ...
CVE-2024-51453
IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
PT-2024-10551 · Unknown · Tftp Server +1
Name of the Vulnerable Software and Affected Versions: Distinct Intranet Servers versions 3.10 and earlier Description: The issue allows remote attackers to read or write arbitrary files via a .. dot dot in the 1 get or 2 put commands. This is due to multiple directory traversal vulnerabilities i...
librsvg: Arbitrary file read when xinclude href has special characters
A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...
Rockwell Automation ThinManager 路径遍历漏洞
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers at the same time. An input validation error vulnerability exists in Rockwell Automation ThinManager ThinServer, which can be...
CVE-2020-5001
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 192953...
SUSE CVE-2010-4651
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. dot dot or full pathname, a related issue to CVE-2010-1679...
VulnCheck KEV: CVE-2015-7254
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. dot dot in an icon/ URI...
DEBIAN-CVE-2021-38511
An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal...
CVE-2019-4423
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 162769...
PT-2019-17093 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 5.0.0.0 through 5.0.8.6 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on t...
UBUNTU-CVE-2018-6914
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. dot dot in the prefix argument...
CVE-2016-10183
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal...
PT-2009-6358 · Golden Ftp Server · Golden Ftp Server
Name of the Vulnerable Software and Affected Versions: Golden FTP Server versions 4.30 through 4.50 Description: The issue allows remote authenticated users to delete arbitrary files via a .. dot dot in the DELE command. This is a directory traversal vulnerability. Recommendations: For Golden FTP...
OpenJDK ICC_Profile file existence detection information leak (6631533)
Directory traversal vulnerability in the ICCProfile.getInstance method in Java Runtime Environment JRE in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium ICC profile files via a .. dot...