5 matches found
CVE-2020-12265
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal...
openSUSE: Security Advisory for salt (SUSE-SU-2024:0509-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Impact Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Explanation of the vulnerability The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
CVE-2014-3864
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line...