6 matches found
GHSA-WXQ4-CC2Q-338Q WsgiDAV encoded dot segments can escape filesystem share roots
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
WsgiDAV encoded dot segments can escape filesystem share roots
Impact WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a specific path layout. Patches The issue is fixed with version 4.3.4. Preconditions The practical impact depends on the deployment. The deployment...
CVAT.ai CVAT 路径遍历漏洞
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. A path traversal vulnerability exists in CVAT.ai CVAT versions 2.4.0 through 2.48.1, which originates from a malicious user being able to create or overwrite files in the root directory of a mounted file share, potentially leading ...
Ubuntu 19.04 : samba vulnerability (USN-4121-1)
Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem...
CVE-2010-0533
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...
Directory traversal
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...