2020

CVE-2020-12764 (v3: 5.3) 9 May 2020
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.

2019

2018

2017

2016

CVE-2016-6321 (v3: 7.5) 9 Dec 2016
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.

2015

CVE-2015-1396 (v3: 7.5) 25 Nov 2019
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

2014

CVE-2014-4877 (v2: 9.3) 29 Oct 2014
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
CVE-2014-0475 (v2: 6.8) 29 Jul 2014
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

2013

2012

2011