19 matches found
PT-2026-45440
Name of the Vulnerable Software and Affected Versions: Gravity Forms versions prior to 2.10.0.2. Description: An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...
CVE-2026-32147
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied path in file...
Convert Security Vulnerability
Convert is an online file format conversion tool developed by the individual developer p2r3. Convert has a security vulnerability that stems from improper handling of the pathname parameter in the component API functions of the buildCache.js file. This could lead to path traversal attacks...
EUVD-2019-9514
Malware in sbrugna...
EUVD-2013-0906
Malware in sbrugna...
EUVD-2013-2839
Malware in sbrugna...
Gitblit Security Vulnerability
Gitblit is an open source, pure Java Git solution from Gitblit for managing, viewing, and provisioning Git repositories. A security vulnerability exists in Gitblit v1.7.1, which stems from improper repository pathname handling and could lead to a reflective cross-site scripting attack...
Sharp MFP Security Vulnerability
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from a failure to properly neutralize a special element in a pathname that could cause the pathname to resolve to a location outside of a restricted directory, making it...
Werkzeug's improper usage of a pathname and improper CSRF protection result in remote command execution
...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zoom and other features. A security vulnerability exists in PrestaShop Product Catalog CSV, Excel, XML Export PRO 4.1.1 and...
PT-2021-22877 · Siemens · Openpcs 7 +5
Name of the Vulnerable Software and Affected Versions: OpenPCS 7 versions 7.0 through 9.1; SIMATIC BATCH versions 8.2 through 9.1; SIMATIC NET PC Software versions 14 through 17; SIMATIC PCS 7 versions 8.2 through 9.1; SIMATIC Route Control versions 8.2 through 9.1; SIMATIC WinCC versions 7.4 through ...
Debian DSA-4918-1 : ruby-rack-cors - security update
Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
Debian Security Advisory DSA-4918-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2021 https://www.debian.org/security/faq -...
EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2020-1180)
According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite calls...
Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2333-1)
A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. (CVE-2014-0203) Toralf Forster reported an error in the Linux kernel's syscall auditing on 32 bit...
CVE-2013-0895
Google Chrome and Chrome-derived browsers on Linux and macOS have CVE-2013-0895 (and related 2013-08x family) due to incorrect path handling in file copying. OpenSUSE openSUSE-SU-2013:0454-1 documents this CVE as a High-severity issue and notes a fix in the Chromium update path, with the 27.x line addre...
SUSE-SA:2005:036: sudo
The remote host is missing the patch for the advisory SUSE-SA:2005:036 (sudo). Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To...
sudo -- local race condition vulnerability
Todd C. Miller reports: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Exploitation of the bug requires that the user be allowed to run one or more commands via Sudo and be able to create...
HP-UX ftpd glob() Expansion STAT Buffer Overflow
The remote HPUX 11 FTP server is affected by a buffer overflow vulnerability. The overflow occurs when the STAT command is issued with an argument that expands into an oversized string after being processed by the 'glob' function. TRUSTED...