101 matches found
CVE-2025-8357
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the processmladownloadfile function in all versions up to, and including, 3.27. This makes it...
The vulnerability of the distributed version control system Git used by Microsoft Visual Studio allows a perpetrator to execute arbitrary code.
The vulnerability of the distributed version control system Git used by Microsoft Visual Studio is related to the use of an unreliable path for checking orthography of cloned repositories. Exploiting this vulnerability allows a perpetrator to execute arbitrary code during the cloning of unreliabl...
The vulnerability of the WinRAR file archiver, related to incorrect restrictions on the path name of the restricted directory, allows a hacker to execute arbitrary code.
The vulnerability of the WinRAR file archiver is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code upon opening a specially crafted file...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via improper checks of a path's existence under the .git directory. An attacker can execute arbitrary commands with the privileges of the configured account in RUNUSER. By exploiting this flaw, an...
Cursor 路径遍历漏洞
Cursor is an AI code editor from the Cursor open source. A path traversal vulnerability exists in Cursor versions 0.45.0 through 0.48.6, which stems from not properly restricting file path modification permissions, which could lead to a specially crafted context-triggered write to a file outside...
The vulnerability of the `-safe-links` configuration in the rsyncd daemon’s utility for transferring and synchronizing files allows a hacker to write arbitrary files.
The vulnerability of the -safe-links configuration in the rsyncd daemon’s utility for transferring and synchronizing files involves bypassing the directory path check, resulting in the absence of symbolic link checks. Exploiting this vulnerability allows a remote attacker to write arbitrary files...
The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.
The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
WordPress plugin EduAdmin Booking 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
The vulnerability of the fs.mkdtemp() and fs.mkdtempSync() methods in the Node.js software platform allows a hacker to create arbitrary directories.
The vulnerability of the fs.mkdtemp and fs.mkdtempSync methods in the Node.js software platform is related to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...
python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
A vulnerability was found in Python-Django in the Derived classes of the django.core.files.storage.Storage base class that overrides the generatefilename without replicating the file path validations existing in the parent class. This flaw allows potential directory traversal via certain inputs...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...
SUSE CVE-2024-39330
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generatefilename without replicating the file-path validations from the parent class, potentially allow directory traversal via certain...
The vulnerability of the aiohttp HTTP client, related to incorrect path name restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the aiohttp HTTP client is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Important: php73
Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...
GitLab 路径遍历漏洞
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
The vulnerability of the file loading function of the distributed file system sjqzhang go-fastdfs allows a attacker to write any files and execute any commands.
The vulnerability of the file loading function in the distributed file system sjqzhang go-fastdfs is related to deficiencies in path checking for restricted-access directories. Exploiting this vulnerability allows an attacker to write arbitrary files and execute arbitrary commands remotely...
PT-2023-21243 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.3.1 Description: The PublicService module in Apache Linkis uploads files without restrictions on the path to the uploaded files and file types. Recommendations: For versions =1.3.1, upgrade to version 1.3.2. For...
The vulnerability of the distributed Git version control system, related to the improper restriction on the path name of the restricted access directory, allows a violator to re-record any files in the system.
The vulnerability of the distributed Git version control system relates to the input of processed input data—the path outside the working tree may be rewritten by a user who runs “git apply”. Exploiting this vulnerability allows an attacker to rewrite any files in the system at will...
USN-5947-1 php-twig, twig vulnerabilities
Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM...
SUSE CVE-2005-0710
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udfinit function...