Search
Total
502 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31528 | 1 Bonn Activity Maps Annotation Tool Project | 1 Bonn Activity Maps Annotation Tool | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31527 | 1 Flask-file-server Project | 1 Flask-file-server | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-25046 | 1 Control-webpanel | 1 Webpanel | 2022-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2022-31836 | 1 Beego | 1 Beego | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk. | |||||
| CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
| CVE-2021-23427 | 1 Elfinder.netcore Project | 1 Elfinder.netcore | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. | |||||
| CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | |||||
| CVE-2021-35958 | 1 Google | 1 Tensorflow | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives. | |||||
| CVE-2020-20944 | 1 Qibosoft | 1 Qibosoft | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | |||||
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||||
| CVE-2021-20034 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2022-07-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | |||||
| CVE-2022-1953 | 1 Product Configurator For Woocommerce Project | 1 Product Configurator For Woocommerce | 2022-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first | |||||
| CVE-2022-30117 | 1 Concretecms | 1 Concrete Cms | 2022-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations.Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting. | |||||
| CVE-2022-2120 | 1 Offis | 1 Dcmtk | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||||
| CVE-2022-2119 | 1 Offis | 1 Dcmtk | 2022-07-05 | 7.5 HIGH | 9.8 CRITICAL |
| OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | |||||
| CVE-2022-1518 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2022-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | |||||
| CVE-2022-29774 | 1 Ispyconnect | 1 Ispy | 2022-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | |||||
| CVE-2022-26960 | 1 Std42 | 1 Elfinder | 2022-06-30 | 5.8 MEDIUM | 9.1 CRITICAL |
| connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | |||||
| CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2022-06-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | |||||
| CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | |||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | |||||
| CVE-2022-24278 | 1 Convert-svg Project | 1 Convert-svg | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. | |||||
| CVE-2022-24840 | 1 Django-s3file Project | 1 Django-s3file | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately updated to a patched version. | |||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2020-27304 | 2 Civetweb Project, Siemens | 2 Civetweb, Sinec Infrastructure Network Services | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal | |||||
| CVE-2022-28945 | 1 Webbank | 1 Webcube | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | |||||
| CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2022-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | |||||
| CVE-2021-42013 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Cloud Backup and 2 more | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | |||||
| CVE-2022-1664 | 1 Debian | 2 Debian Linux, Dpkg | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | |||||
| CVE-2020-6142 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-24830 | 1 Openclinica | 1 Openclinica | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade. | |||||
| CVE-2022-23166 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 10.0 HIGH | 9.8 CRITICAL |
| Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version. | |||||
| CVE-2022-25591 | 1 Blogengine | 1 Blogengine.net | 2022-05-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. | |||||
| CVE-2022-29596 | 1 Microstrategy | 1 Enterprise Manager | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal. | |||||
| CVE-2021-40358 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. | |||||
| CVE-2018-20525 | 1 Roxyfileman | 1 Roxy Fileman | 2022-05-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | |||||
| CVE-2020-6109 | 1 Zoom | 1 Zoom | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. | |||||
| CVE-2022-25842 | 1 Alibabagroup | 1 One-java-agent | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. | |||||
| CVE-2022-29806 | 1 Zoneminder | 1 Zoneminder | 2022-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | |||||
| CVE-2022-1391 | 1 Kanev | 1 Cab Fare Calculator | 2022-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. | |||||
| CVE-2022-1390 | 1 Admin Word Count Column Project | 1 Admin Word Count Column | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique | |||||
| CVE-2021-42767 | 1 Neo4j | 1 Awesome Procedures | 2022-05-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1. | |||||
| CVE-2021-21894 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2022-04-28 | 6.5 MEDIUM | 9.1 CRITICAL |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-43290 | 1 Thoughtworks | 1 Gocd | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control. | |||||
| CVE-2021-20090 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | |||||
| CVE-2021-26619 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2022-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users. | |||||
| CVE-2022-24977 | 1 Impresscms | 1 Impresscms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. | |||||
| CVE-2020-14523 | 1 Mitsubishielectric | 25 Cw Configurator, Fr Configurator2, Gx Works2 and 22 more | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | |||||
| CVE-2022-24312 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-24311 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||