Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34217 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-23 | N/A | 8.1 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
| CVE-2023-34216 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2023-08-23 | N/A | 8.1 HIGH |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. | |||||
| CVE-2023-40274 | 1 Getzola | 1 Zola | 2023-08-22 | N/A | 7.5 HIGH |
| An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem. | |||||
| CVE-2023-32004 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-08-22 | N/A | 8.8 HIGH |
| A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2022-30333 | 3 Linux, Opengroup, Rarlab | 3 Linux Kernel, Unix, Unrar | 2023-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | |||||
| CVE-2021-25864 | 1 Dgtl | 1 Huemagic | 2023-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. | |||||
| CVE-2021-26504 | 1 Dgtl | 1 Huemagic | 2023-08-16 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js. | |||||
| CVE-2023-39957 | 1 Nextcloud | 1 Talk | 2023-08-16 | N/A | 7.8 HIGH |
| Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-39964 | 1 1panel | 1 1panel | 2023-08-16 | N/A | 7.5 HIGH |
| 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. | |||||
| CVE-2020-3452 | 1 Cisco | 14 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 11 more | 2023-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. | |||||
| CVE-2018-0296 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. | |||||
| CVE-2023-24698 | 1 Foswiki | 1 Foswiki | 2023-08-15 | N/A | 7.5 HIGH |
| Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | |||||
| CVE-2023-37646 | 1 Bitberry | 1 File Opener | 2023-08-14 | N/A | 7.8 HIGH |
| An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. | |||||
| CVE-2023-33756 | 1 Foswiki | 1 Foswiki | 2023-08-14 | N/A | 7.5 HIGH |
| An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | |||||
| CVE-2022-36113 | 1 Rust-lang | 1 Cargo | 2023-08-14 | N/A | 8.1 HIGH |
| Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. | |||||
| CVE-2023-4172 | 1 Cdwanjiang | 1 Flash Flood Disaster Monitoring And Warning System | 2023-08-10 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207. | |||||
| CVE-2023-37896 | 1 Projectdiscovery | 1 Nuclei | 2023-08-10 | N/A | 7.5 HIGH |
| Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network. | |||||
| CVE-2023-39528 | 1 Prestashop | 1 Prestashop | 2023-08-09 | N/A | 8.6 HIGH |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2023-36220 | 1 Textpattern | 1 Textpattern | 2023-08-09 | N/A | 7.2 HIGH |
| Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. | |||||
| CVE-2023-38708 | 1 Pimcore | 1 Pimcore | 2023-08-09 | N/A | 8.8 HIGH |
| Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. | |||||
| CVE-2023-38702 | 1 Eng | 1 Knowage | 2023-08-09 | N/A | 8.8 HIGH |
| Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8. | |||||
| CVE-2023-33365 | 1 Supremainc | 1 Biostar 2 | 2023-08-09 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. | |||||
| CVE-2023-35081 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-08-08 | N/A | 7.2 HIGH |
| A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | |||||
| CVE-2023-0956 | 1 Tel-ster | 1 Telwin Scada Webinterface | 2023-08-08 | N/A | 7.5 HIGH |
| External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. | |||||
| CVE-2023-38950 | 1 Zkteco | 1 Biotime | 2023-08-08 | N/A | 7.5 HIGH |
| A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | |||||
| CVE-2022-28741 | 1 Aenrich | 1 A\+hrd | 2023-08-08 | N/A | 8.1 HIGH |
| aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x | |||||
| CVE-2022-3060 | 1 Gitlab | 1 Gitlab | 2023-08-08 | N/A | 7.3 HIGH |
| Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests | |||||
| CVE-2022-29281 | 1 Notable | 1 Notable | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | |||||
| CVE-2022-21999 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2023-08-08 | N/A | 7.5 HIGH |
| The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. | |||||
| CVE-2022-20962 | 1 Cisco | 1 Identity Services Engine | 2023-08-08 | N/A | 8.8 HIGH |
| A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2023-08-08 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-26019 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2023-08-08 | 8.5 HIGH | 8.8 HIGH |
| Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | |||||
| CVE-2021-38163 | 1 Sap | 1 Netweaver | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. | |||||
| CVE-2022-30321 | 1 Hashicorp | 1 Go-getter | 2023-08-08 | 7.5 HIGH | 8.6 HIGH |
| go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0. | |||||
| CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | |||||
| CVE-2022-27925 | 1 Zimbra | 1 Collaboration | 2023-08-08 | 6.5 MEDIUM | 7.2 HIGH |
| Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. | |||||
| CVE-2023-38956 | 1 Zkteco | 1 Bioaccess Ivs | 2023-08-07 | N/A | 7.5 HIGH |
| A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. | |||||
| CVE-2023-31427 | 1 Broadcom | 1 Fabric Operating System | 2023-08-07 | N/A | 7.8 HIGH |
| Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | |||||
| CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2023-08-04 | N/A | 7.5 HIGH |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | |||||
| CVE-2023-37218 | 1 Tadirantele | 1 Aeonix | 2023-08-04 | N/A | 7.5 HIGH |
| Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2022-31457 | 1 Rtx Trap Project | 1 Rtx Trap | 2023-08-02 | N/A | 7.5 HIGH |
| RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | |||||
| CVE-2023-37474 | 1 Copyparty Project | 1 Copyparty | 2023-07-31 | N/A | 7.5 HIGH |
| Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-35069 | 1 Biges | 1 Bullwark Momentum Series | 2023-07-31 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H. | |||||
| CVE-2023-37601 | 1 Mobisystems | 1 Office Suite | 2023-07-31 | N/A | 7.5 HIGH |
| Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. | |||||
| CVE-2023-30200 | 1 Advancedplugins | 1 Ultimateimagetool | 2023-07-31 | N/A | 7.5 HIGH |
| In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack. | |||||
| CVE-2023-31461 | 1 Steelseries | 1 Gg | 2023-07-27 | N/A | 7.5 HIGH |
| Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability. | |||||
| CVE-2023-37476 | 1 Openrefine | 1 Openrefine | 2023-07-27 | N/A | 7.8 HIGH |
| OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources. | |||||
| CVE-2023-38337 | 1 Rswag Project | 1 Rswag | 2023-07-27 | N/A | 7.5 HIGH |
| rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project. | |||||
| CVE-2023-3813 | 1 Artbees | 1 Jupiter X Core | 2023-07-26 | N/A | 7.5 HIGH |
| The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. | |||||