Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36156 | 1 Grafana | 1 Loki | 2021-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that location and include some of the contents in the error message. | |||||
| CVE-2020-11420 | 2 Abb, Generex | 4 Cs141, Cs141 Firmware, Cs141 and 1 more | 2021-09-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only. | |||||
| CVE-2021-34436 | 1 Eclipse | 1 Theia | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. | |||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | |||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2021-09-13 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2021-09-13 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2021-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | |||||
| CVE-2016-6269 | 1 Trendmicro | 1 Smart Protection Server | 2021-09-09 | 7.5 HIGH | 9.1 CRITICAL |
| Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php. | |||||
| CVE-2017-9024 | 1 Secure-bytes | 1 Secure Cisco Auditor | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | |||||
| CVE-2018-1266 | 1 Cloudfoundry | 1 Capi-release | 2021-09-09 | 6.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. | |||||
| CVE-2015-8798 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2021-09-09 | 7.7 HIGH | 8.0 HIGH |
| Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-8799 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2021-09-09 | 7.1 HIGH | 7.6 HIGH |
| Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. | |||||
| CVE-2021-20206 | 1 Linuxfoundation | 1 Container Network Interface | 2021-09-09 | 6.5 MEDIUM | 7.2 HIGH |
| An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2018-9109 | 1 Std42 | 1 Elfinder | 2021-09-09 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | |||||
| CVE-2018-9110 | 1 Std42 | 1 Elfinder | 2021-09-09 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | |||||
| CVE-2018-10897 | 2 Redhat, Rpm | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 2 more | 2021-09-09 | 9.3 HIGH | 8.1 HIGH |
| A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. | |||||
| CVE-2021-39180 | 1 Frentix | 1 Openolat | 2021-09-09 | 9.0 HIGH | 8.8 HIGH |
| OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2021-09-09 | 4.0 MEDIUM | 7.2 HIGH |
| Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | |||||
| CVE-2021-36031 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2021-09-08 | 6.5 MEDIUM | 7.2 HIGH |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution. | |||||
| CVE-2021-21037 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2021-38612 | 1 Nascent | 1 Remkon Device Manager | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | |||||
| CVE-2021-23430 | 1 Startserver Project | 1 Startserver | 2021-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. | |||||
| CVE-2020-19547 | 1 Popojicms | 1 Popojicms | 2021-08-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. | |||||
| CVE-2020-8567 | 3 Google, Hashicorp, Microsoft | 3 Secret Manager Provider For Secret Store Csi Driver, Vault Provider For Secrets Store Csi Driver, Azure Key Vault Provider For Secrets Store Csi Driver | 2021-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods. | |||||
| CVE-2021-24549 | 1 Aceide Project | 1 Aceide | 2021-08-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack. | |||||
| CVE-2015-1834 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2021-08-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container. | |||||
| CVE-2010-1951 | 1 60cyclecms Project | 1 60cyclecms | 2021-08-25 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php. | |||||
| CVE-2020-18878 | 1 Skycaiji | 1 Skycaiji | 2021-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'. | |||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | |||||
| CVE-2021-22933 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform an arbitrary file delete via a maliciously crafted web request. | |||||
| CVE-2021-23423 | 1 Bikeshed Project | 1 Bikeshed | 2021-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output. | |||||
| CVE-2021-27402 | 1 Mitel | 1 Micollab | 2021-08-23 | 6.4 MEDIUM | 6.5 MEDIUM |
| The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. | |||||
| CVE-2021-24363 | 1 10web | 1 Photo Gallery | 2021-08-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector | |||||
| CVE-2021-38511 | 1 Tar Project | 1 Tar | 2021-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal. | |||||
| CVE-2021-22674 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2021-31731 | 1 Kitesky | 1 Kitecms | 2021-08-17 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | |||||
| CVE-2020-23172 | 1 Kuba Project | 1 Kuba | 2021-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | |||||
| CVE-2018-17365 | 1 Seacms | 1 Seacms | 2021-08-17 | 6.4 MEDIUM | 7.5 HIGH |
| SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | |||||
| CVE-2021-21501 | 1 Apache | 1 Servicecomb | 2021-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. | |||||
| CVE-2021-38197 | 1 Go-unarr Project | 1 Go-unarr | 2021-08-16 | 10.0 HIGH | 9.8 CRITICAL |
| unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. | |||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | |||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2021-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | |||||
| CVE-2021-37367 | 1 Ctparental Project | 1 Ctparental | 2021-08-13 | 4.6 MEDIUM | 7.8 HIGH |
| CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | |||||
| CVE-2021-38136 | 1 Corero | 1 Securewatch Managed Services | 2021-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host. | |||||
| CVE-2018-1261 | 1 Vmware | 1 Spring Integration Zip | 2021-08-12 | 4.0 MEDIUM | 4.7 MEDIUM |
| Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | |||||
| CVE-2018-1263 | 1 Vmware | 1 Spring Integration Zip | 2021-08-12 | 4.0 MEDIUM | 4.7 MEDIUM |
| Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | |||||
| CVE-2016-1223 | 1 Trendmicro | 3 Officescan, Worry-free Business Security, Worry-free Business Security Services | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2021-25311 | 1 Wisc | 1 Htcondor | 2021-08-12 | 9.0 HIGH | 9.9 CRITICAL |
| condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. | |||||