Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Max CVSS
7.5
EPSS Score
0.49%
Published
2016-12-09
Updated
2023-02-13
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
Max CVSS
7.6
EPSS Score
3.06%
Published
2015-04-13
Updated
2016-12-24
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
Max CVSS
7.5
EPSS Score
2.83%
Published
2019-11-25
Updated
2020-02-17
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Max CVSS
7.8
EPSS Score
0.29%
Published
2017-08-25
Updated
2017-08-30

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!