20 matches found
CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
SFTPGo 路径遍历漏洞
SFTPGo is a fully functional and highly configurable SFTP server developed by the Italian developer Nicola Murino. Versions of SFTPGo prior to 2.7.1 contained a path traversal vulnerability, which was caused by improper validation of dynamic group paths. This vulnerability could lead to path...
CVE-2025-22873
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
UBUNTU-CVE-2025-22873
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
CVE-2025-22873 Improper access to parent directory of root in os
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
CVE-2025-22873
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
CVE-2025-22873
CVE-2025-22873 involves a directory traversal in Go’s os package. Versions prior to Go 1.24.3 allow opening the parent directory of an os.Root by a filename ending with “.. /”, via Root.Open("../"). The escape permits only the immediate parent directory, not ancestors or files inside it. Affected...
GO-2026-4403 Improper access to parent directory of root in os
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...
CVE-2025-42937 Directory Traversal vulnerability in SAP Print Service
SAP Print Service SAPSprint performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application...
SUSE CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
Path traversal
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path traversal,...
CVE-2021-29425
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...
Unspecified Vulnerability in HashBrown CMS
HashBrown CMS is an open source headless content management system CMS. A security vulnerability exists in the Server/Entity/Resource/Connection.js file in HashBrown CMS versions prior to 1.3.2. The vulnerability can be exploited by an attacker to access the parent directory with the help of a...
Code injection
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field...
CVE-2019-9064
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file...
Miniwebsvr web server directory traversal
It's possible to retrieve parent directory listing with /..00 request...
Mandrake Linux Security Advisory : unzip (MDKSA-2003:073-1)
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two '.' characters. These invalid characters are filtered which results in a '..' sequence. The patch applied to these...