Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting or placing files in sensitive...

PT-2026-42664

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: file id is used to construct both...

CVE-2026-34794

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

PT-2026-29754

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

OpenSift 路径遍历漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift prior to 1.6.3-alpha contained a path traversal vulnerability. This vulnerability stemmed from the lack of uniform enforcement of the base directory inclusion in the path construction...

CVE-2026-22212 TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio

TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy and strcat functions when constructing device paths during automatic device discovery. A local attacker can exploit this by...

CVE-2026-22212

CVE-2026-22212 concerns TinyOS up to 2.1.2, where the mcp2200gpio utility is vulnerable to a stack-based buffer overflow. The root cause is unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery, allowing a local attacker to craft filenames under /dev...

EUVD-2005-3747

Malware in sbrugna...

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...

CVE-2025-22242 CVE-2025-22242 salt advisory

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

CVE-2005-3752

Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction"...

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the loadcredentials method, where user-controlled input for realmname and zuliprccontent is used to construct file paths and write file content...

changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal

Summary Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd o...

CVE-2023-41973

ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later...

PrestaShop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop Common-Services version 2.5.9 and prior versions, which stems from a lac...

PT-2022-19784 · Delta Industrial Automation · Dialink

Name of the Vulnerable Software and Affected Versions: Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 Description: The issue arises from the software's failure to properly neutralize special elements within a pathname constructed from external input. This pathname is intend...

GSA Bounty: Limited LFI

Summary: Due to improper parameter sensitization local file inclusion is possible. LFI is limited as we were not able to truncate the end of string. Description: Application root is located at /var/www/dashboard/new/public Due to URL Manipulation we are able to raed file from...

Directory traversal

Directory traversal vulnerability in the session handling class GallerySession.class in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized...

CVE-2005-3752

Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction"...