Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission.
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.3.0 and prior to version 1.3.3, a check was added if the destination file is under destination directory. However, it is not enforced that `destDir` ends with slash. If the `destDir` is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins with the destination directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 contains a patch for this vulnerability.
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element.
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the _baseDirectory is not slash terminated like `/home/user/dir` it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.
Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters.
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations.
Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in a GET request.
The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter.
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors.
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors.
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.