Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43492 | 1 Alquistai | 1 Alquist | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access. | |||||
| CVE-2021-43493 | 1 Servermanagement Project | 1 Servermanagement | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. | |||||
| CVE-2021-3924 | 1 Getgrav | 1 Grav | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2018-12895 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | |||||
| CVE-2021-33800 | 1 Alibaba | 1 Druid | 2021-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | |||||
| CVE-2020-11073 | 1 Autoswitch Python Virtualenv Project | 1 Autoswitch Python Virtualenv | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0 | |||||
| CVE-2021-34762 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2021-11-03 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. | |||||
| CVE-2019-3976 | 1 Mikrotik | 1 Routeros | 2021-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. | |||||
| CVE-2020-18438 | 1 Phpok | 1 Phpok | 2021-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | |||||
| CVE-2019-3816 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 11 Fedora, Leap, Openwsman and 8 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | |||||
| CVE-2019-3737 | 1 Dell | 1 Avamar Data Migration Enabler Web Interface | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. | |||||
| CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | |||||
| CVE-2019-3556 | 1 Facebook | 1 Hhvm | 2021-10-29 | 5.5 MEDIUM | 8.1 HIGH |
| HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. | |||||
| CVE-2021-37130 | 1 Huawei | 2 Fusioncube, Fusioncube Firmware | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | |||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | |||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | |||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | |||||
| CVE-2021-42542 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2021-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||||
| CVE-2021-41127 | 1 Rasa | 1 Rasa | 2021-10-27 | 5.8 MEDIUM | 7.1 HIGH |
| Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot files in the bot directory. The vulnerability is fixed in Rasa 2.8.10. For users unable to update ensure that users do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance. | |||||
| CVE-2021-31385 | 1 Juniper | 1 Junos | 2021-10-25 | 8.5 HIGH | 8.8 HIGH |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | |||||
| CVE-2021-42261 | 1 Revisorlab | 1 Video Management System | 2021-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server. | |||||
| CVE-2021-41149 | 1 Amazon | 1 Tough | 2021-10-25 | 8.5 HIGH | 8.1 HIGH |
| Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | |||||
| CVE-2021-41131 | 1 Linuxfoundation | 1 The Update Framework | 2021-10-22 | 8.8 HIGH | 8.7 HIGH |
| python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf. | |||||
| CVE-2021-41152 | 1 Frentix | 1 Openolat | 2021-10-22 | 4.0 MEDIUM | 7.7 HIGH |
| OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary. | |||||
| CVE-2021-40724 | 2 Adobe, Google | 2 Acrobat Reader, Android | 2021-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40988 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 9.0 HIGH | 7.2 HIGH |
| A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | |||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2021-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | |||||
| CVE-2021-40978 | 1 Mkdocs | 1 Mkdocs | 2021-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1. | |||||
| CVE-2021-25485 | 1 Google | 1 Android | 2021-10-13 | 5.8 MEDIUM | 8.0 HIGH |
| Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. | |||||
| CVE-2021-41578 | 1 Myscada | 1 Mydesigner | 2021-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | |||||
| CVE-2021-41579 | 1 Laquisscada | 1 Scada | 2021-10-12 | 6.8 MEDIUM | 7.8 HIGH |
| LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. | |||||
| CVE-2021-41291 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device. | |||||
| CVE-2021-40153 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2021-10-07 | 5.8 MEDIUM | 8.1 HIGH |
| squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. | |||||
| CVE-2021-41293 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2021-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information. | |||||
| CVE-2019-7254 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2021-10-04 | 5.0 MEDIUM | 7.5 HIGH |
| Linear eMerge E3-Series devices allow File Inclusion. | |||||
| CVE-2021-35027 | 1 Zyxel | 2 Zywall Vpn2s, Zywall Vpn2s Firmware | 2021-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | |||||
| CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter. | |||||
| CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF. | |||||
| CVE-2021-36286 | 1 Dell | 1 Supportassist Client Consumer | 2021-10-01 | 3.6 LOW | 7.1 HIGH |
| Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. | |||||
| CVE-2019-9060 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). | |||||
| CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2021-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | |||||
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | |||||
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2021-09-24 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | |||||
| CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | |||||
| CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2021-09-23 | 5.8 MEDIUM | 7.1 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | |||||
| CVE-2020-12026 | 1 Advantech | 1 Webaccess | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
| CVE-2021-38758 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2021-09-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. | |||||
| CVE-2021-32516 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32532 | 1 Qsan | 1 Xevo | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | |||||