Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32527 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-33807 | 1 Gespage | 1 Gespage | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | |||||
| CVE-2021-24453 | 1 Include Me Project | 1 Include Me | 2021-09-20 | 9.0 HIGH | 8.8 HIGH |
| The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure | |||||
| CVE-2021-27030 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | |||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | |||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | |||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | |||||
| CVE-2017-9024 | 1 Secure-bytes | 1 Secure Cisco Auditor | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | |||||
| CVE-2018-1266 | 1 Cloudfoundry | 1 Capi-release | 2021-09-09 | 6.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. | |||||
| CVE-2015-8799 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2021-09-09 | 7.1 HIGH | 7.6 HIGH |
| Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. | |||||
| CVE-2015-8798 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2021-09-09 | 7.7 HIGH | 8.0 HIGH |
| Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-20206 | 1 Linuxfoundation | 1 Container Network Interface | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2018-10897 | 2 Redhat, Rpm | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 2 more | 2021-09-09 | 9.3 HIGH | 8.1 HIGH |
| A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. | |||||
| CVE-2021-39180 | 1 Frentix | 1 Openolat | 2021-09-09 | 9.0 HIGH | 8.8 HIGH |
| OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2021-09-09 | 4.0 MEDIUM | 7.2 HIGH |
| Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | |||||
| CVE-2021-36031 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2021-09-08 | 6.5 MEDIUM | 7.2 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. | |||||
| CVE-2021-21037 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2021-38612 | 1 Nascent | 1 Remkon Device Manager | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | |||||
| CVE-2021-23430 | 1 Startserver Project | 1 Startserver | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. | |||||
| CVE-2021-23423 | 1 Bikeshed Project | 1 Bikeshed | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output. | |||||
| CVE-2021-38511 | 1 Tar Project | 1 Tar | 2021-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal. | |||||
| CVE-2018-17365 | 1 Seacms | 1 Seacms | 2021-08-17 | 6.4 MEDIUM | 7.5 HIGH |
| SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | |||||
| CVE-2021-21501 | 1 Apache | 1 Servicecomb | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. | |||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | |||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | |||||
| CVE-2021-37367 | 1 Ctparental Project | 1 Ctparental | 2021-08-13 | 4.6 MEDIUM | 7.8 HIGH |
| CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | |||||
| CVE-2021-32016 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution. | |||||
| CVE-2021-35397 | 1 Drogon | 1 Drogon | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending crafted HTTP request with specific path to read. Successful exploitation could allow the attacker to read files that should be restricted. | |||||
| CVE-2020-19304 | 1 Metinfo | 1 Metinfo | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. | |||||
| CVE-2021-32814 | 1 Skytable | 1 Skytable | 2021-08-11 | 9.4 HIGH | 8.1 HIGH |
| Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading. | |||||
| CVE-2020-3383 | 1 Cisco | 1 Data Center Network Manager | 2021-08-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. | |||||
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | |||||
| CVE-2021-23407 | 1 Elfinder.net.core Project | 1 Elfinder.net.core | 2021-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. | |||||
| CVE-2021-23415 | 1 Elfinder.aspnet Project | 1 Elfinder.aspnet | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path. | |||||
| CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2021-08-04 | 5.5 MEDIUM | 8.1 HIGH |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | |||||
| CVE-2017-2627 | 2 Openstack, Redhat | 2 Tripleo-common, Openstack | 2021-08-04 | 7.2 HIGH | 8.2 HIGH |
| A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. | |||||
| CVE-2021-35962 | 1 Secom | 2 Door Access Control, Personnel Attendance System | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. | |||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | |||||
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 5.5 MEDIUM | 8.1 HIGH |
| NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | |||||
| CVE-2021-32633 | 2 Plone, Zope | 2 Plone, Zope | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. | |||||
| CVE-2021-35054 | 1 Minecraft | 1 Minecraft | 2021-07-28 | 4.3 MEDIUM | 7.5 HIGH |
| Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | |||||
| CVE-2021-34820 | 1 Aat | 1 Novus Management System | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2 | |||||
| CVE-2021-32769 | 1 Objectcomputing | 1 Micronaut | 2021-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot. | |||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2021-07-10 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | |||||