16 matches found
UBUNTU-CVE-2026-40491
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
CVE-2024-8746
The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...
CVE-2023-5504
Summary (CVE-2023-5504): The BackWPup WordPress backup plugin is affected by a directory traversal vulnerability in versions up to and including 4.0.1, exploitable via the Log File Folder. The underlying issue allows an authenticated attacker with plugin access to store backups in arbitrary server...
BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal
Description: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
PostmagThemes Demo < 1.0.8 - Admin+ Arbitrary File Upload
The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE. 1. Go to Appearance » Import Demo Data » Manual demo files upload » Run "Choose a JSON file for customizer import" and import a PHP file. 2. Click Impo...
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
The plugin does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. 1. Navigate to settings page /wp-admin/edit.php?post_type=wpdmpro&page=settings 2. In the “File Browser Root:” setting,...
file-folder-ren.sourceforge.net Cross Site Scripting vulnerability OBB-2132121
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Design/Logic Flaw
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder...
CVE-2018-16480
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
January 8, 2019—KB4480978 (OS Build 16299.904)
January 8, 2019—KB4480978 OS Build 16299.904 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...
CVE-2018-15590
An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector...
IIS short file bug fixes-vulnerability warning-the black bar safety net
A recent scan of the site system found the vulnerability: IIS short file/folder vulnerability. Vulnerability level: medium risk vulnerability. Vulnerability address: full website. Vulnerability description: IIS short file name disclosure vulnerability in IIS on the realization on the existence of the file...
CVE-2014-8398
Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9)...