Directory Traversal
lollms repository is vulnerable to Directory Traversal. The vulnerability is due to improper path sanitization in the lollmsfilesystem.py file, allowing attackers to perform vectorize operations on .sqlite files in any directory, potentially leading to package installation and crashes...
CVE-2024-32491
Znuny and Znuny LTS are affected by CVE-2024-32491 due to a path-traversal flaw that lets an authenticated user upload a file to an arbitrary writable location via a manipulated AJAX request. If the location is publicly accessible via the web server, arbitrary code execution is possible. Affected...
BIT-NODE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
CVE-2023-41790 Traversal Path on PHP file
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
CVE-2023-32004
A vulnerability was found in NodeJS. This security issue occurs as improper handling of buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the R...
GHSA-M9R4-3FG7-PQM2 PrestaShop path traversal
Impact: In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using traversal path. Patches: 8.1.1. Found by: Aleksey Solovev, Positive Technologies. Workarounds: none. References: none...
CVE-2023-2273 Rapid7 Insight Agent Directory Traversal
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...
CVE-2022-32275
A flaw was found in grafana. This vulnerability occurs when the traversal path is explored, and the authentication system redirects to an internal system page that authenticated users should only access...
CVE-2021-23797
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
SUSE SLED15 / SLES15 Security Update : file-roller (SUSE-SU-2020:1557-1)
This update for file-roller fixes the following issues : CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink bsc1169428. CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of a...
SUSE-SU-2020:1557-1 Security update for file-roller
This update for file-roller fixes the following issues: - CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink bsc1169428. - CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting of...
CVE-2018-14036
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in userchangeiconfileauthorizedcb in user.c...
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension =2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media...
ewebeditor traversal path vulnerability-vulnerability warning-the black bar safety net
eWebEditor Description: eWebEditor is a WYSIWYG online editor. As the name suggests, is on the network using the WYSIWYG edit mode for editing illustrated articles, news, discussions stickers, circulars, notes and other word processing applications. ewebeditor/adminuploadfile.asp The filter is n...