6 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...
CVE-2025-14728
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to...
CVE-2025-14728
CVE-2025-14728 affects Rapid7 Velociraptor prior to 0.75.6. A directory traversal vulnerability arises on Linux where a rogue client can upload a file written outside the datastore directory due to insufficient sanitization of directory names that end with a dot, encoded as %2E. Although files ma...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...
CVE-2021-31932
Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...