Search Results (9714 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9234 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2025-04-12 N/A
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-9238 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2025-04-12 N/A
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.
CVE-2014-9261 1 Codologic 1 Codoforum 2025-04-12 N/A
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
CVE-2014-9282 1 Speed Software 2 Explorer, Root Explorer 2025-04-12 N/A
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
CVE-2015-0779 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
CVE-2015-0867 1 Synck Graphica 1 Download Log Cgi 2025-04-12 N/A
Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename.
CVE-2019-25073 1 Goa.design 1 Goa 2025-04-11 7.5 High
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
CVE-2018-25046 1 Cloudfoundry 1 Archiver 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2024-57549 1 Cmsimple 1 Cmsimple 2025-04-11 7.5 High
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
CVE-2022-44564 1 Huawei 2 Aslan-al10, Aslan-al10 Firmware 2025-04-11 7.8 High
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources.
CVE-2020-36566 1 Tar-utils Project 1 Tar-utils 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36561 1 Unzip Project 1 Unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36560 1 Go-unzip Project 1 Go-unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36559 1 Aahframework 1 Aah 2025-04-11 7.5 High
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
CVE-2024-37231 1 Salonbookingsystem 1 Salon Booking System 2025-04-11 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.
CVE-2023-35947 1 Gradle 1 Gradle 2025-04-11 6.9 Medium
Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### Impact This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. * When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. * For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. ### Patches A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version. ### Workarounds There is no workaround. * If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. * If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. ### References * [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html) * [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html) * [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)
CVE-2010-1173 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.
CVE-2011-1688 1 Bestpractical 1 Rt 2025-04-11 N/A
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
CVE-2012-4957 1 Novell 1 File Reporter 2025-04-11 N/A
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
CVE-2009-2693 2 Apache, Redhat 5 Tomcat, Certificate System, Enterprise Linux and 2 more 2025-04-11 N/A
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.