Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | |||||
| CVE-2020-9708 | 1 Adobe | 1 Git-server | 2020-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. | |||||
| CVE-2020-8209 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. | |||||
| CVE-2015-1429 | 1 Cybelesoft | 1 Thinfinity Remote Desktop Workstation | 2020-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2019-8320 | 1 Rubygems | 1 Rubygems | 2020-08-16 | 8.8 HIGH | 7.4 HIGH |
| A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. | |||||
| CVE-2020-12499 | 1 Phoenixcontact | 1 Plcnext Engineer | 2020-08-05 | 4.4 MEDIUM | 7.3 HIGH |
| In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | |||||
| CVE-2017-7442 | 1 Gonitro | 1 Nitro Pro | 2020-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||||
| CVE-2020-15592 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2020-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved. | |||||
| CVE-2020-14490 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. | |||||
| CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | |||||
| CVE-2020-15908 | 1 Cauldrondevelopment | 1 C\! | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. | |||||
| CVE-2020-15923 | 1 Midasolutions | 1 Eframework | 2020-07-27 | 7.8 HIGH | 7.5 HIGH |
| Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. | |||||
| CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. | |||||
| CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function. | |||||
| CVE-2020-7686 | 1 Rollup-plugin-dev-server Project | 1 Rollup-plugin-dev-server | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function. | |||||
| CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. | |||||
| CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | |||||
| CVE-2020-3381 | 1 Cisco | 5 Isr1100-4g, Isr1100-4gltegb, Isr1100-4gltena and 2 more | 2020-07-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system. | |||||
| CVE-2020-8214 | 1 Servey Project | 1 Servey | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. | |||||
| CVE-2020-15779 | 1 Socket.io-file Project | 1 Socket.io-file | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path. | |||||
| CVE-2020-5764 | 1 Mxplayer | 1 Mx Player | 2020-07-17 | 5.8 MEDIUM | 8.8 HIGH |
| MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. | |||||
| CVE-2020-14461 | 1 Zyxel | 2 Wap6806, Wap6806 Firmware | 2020-07-15 | 5.0 MEDIUM | 8.6 HIGH |
| Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | |||||
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2020-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| openSIS through 7.4 allows Directory Traversal. | |||||
| CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2020-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | |||||
| CVE-2019-10720 | 1 Blogengine | 1 Blogengine.net | 2020-06-29 | 6.5 MEDIUM | 8.8 HIGH |
| BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. | |||||
| CVE-2018-1000857 | 1 Open-systems | 1 Log-user-session | 2020-06-24 | 9.0 HIGH | 8.8 HIGH |
| log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible. | |||||
| CVE-2020-5590 | 1 Ec-cube | 1 Ec-cube | 2020-06-24 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | |||||
| CVE-2020-12003 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2020-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. | |||||
| CVE-2020-12827 | 1 Mjml | 1 Mjml | 2020-06-23 | 6.4 MEDIUM | 7.2 HIGH |
| MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | |||||
| CVE-2020-7494 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2020-06-19 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | |||||
| CVE-2020-1737 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2020-06-13 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. | |||||
| CVE-2017-9846 | 1 Magicwinmail | 1 Winmail Server | 2020-06-11 | 6.5 MEDIUM | 8.8 HIGH |
| Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | |||||
| CVE-2020-13836 | 1 Google | 1 Android | 2020-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). | |||||
| CVE-2020-5410 | 1 Vmware | 1 Spring Cloud Config | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
| CVE-2019-0207 | 1 Apache | 1 Tapestry | 2020-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. | |||||
| CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||||
| CVE-2020-12102 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2020-05-18 | 6.8 MEDIUM | 7.7 HIGH |
| In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). | |||||
| CVE-2020-12103 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2020-05-18 | 4.0 MEDIUM | 7.7 HIGH |
| In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. | |||||
| CVE-2020-11531 | 1 Zohocorp | 2 Manageengine Adaudit Plus, Manageengine Datasecurity Plus | 2020-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. | |||||
| CVE-2020-8982 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983. | |||||
| CVE-2020-8983 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982. | |||||
| CVE-2020-7473 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. | |||||
| CVE-2019-18871 | 1 Blaauwproducts | 1 Remote Kiln Control | 2020-05-12 | 6.5 MEDIUM | 8.8 HIGH |
| A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | |||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | |||||
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2020-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | |||||
| CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | |||||
| CVE-2019-19102 | 1 Br-automation | 1 Automation Studio | 2020-05-08 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip. | |||||
| CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2020-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | |||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 9 Ubuntu Linux, Debian Linux, Git and 6 more | 2020-05-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | |||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2020-05-01 | 6.5 MEDIUM | 8.8 HIGH |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |||||