Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34638 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2021-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | |||||
| CVE-2015-9266 | 2 Ubnt, Ui | 23 Airos 4 Xs2, Airos 4 Xs5, Edgeswitch Xp Firmware and 20 more | 2021-08-12 | 10.0 HIGH | 9.8 CRITICAL |
| The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. | |||||
| CVE-2021-32016 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution. | |||||
| CVE-2021-32018 | 1 Jump-technology | 1 Asset Management | 2021-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal. | |||||
| CVE-2021-35397 | 1 Drogon | 1 Drogon | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allow an unauthenticated, remote attacker to arbitrarily read files. The vulnerability is due to lack of proper input validation for requested path. An attacker could exploit this vulnerability by sending crafted HTTP request with specific path to read. Successful exploitation could allow the attacker to read files that should be restricted. | |||||
| CVE-2020-19304 | 1 Metinfo | 1 Metinfo | 2021-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. | |||||
| CVE-2021-36157 | 1 Linuxfoundation | 1 Cortex | 2021-08-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.) | |||||
| CVE-2021-32814 | 1 Skytable | 1 Skytable | 2021-08-11 | 9.4 HIGH | 8.1 HIGH |
| Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-24010 | 1 Fortinet | 1 Fortisandbox | 2021-08-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifially crafted web requests. | |||||
| CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2021-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | |||||
| CVE-2020-1735 | 1 Redhat | 4 Ansible, Ansible Tower, Cloudforms Management Engine and 1 more | 2021-08-07 | 3.6 LOW | 4.6 MEDIUM |
| A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | |||||
| CVE-2020-3383 | 1 Cisco | 1 Data Center Network Manager | 2021-08-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. | |||||
| CVE-2019-17640 | 1 Eclipse | 1 Vert.x | 2021-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. | |||||
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | |||||
| CVE-2021-35521 | 1 Idemia | 12 Morphowave Compact Md, Morphowave Compact Md Firmware, Morphowave Compact Mdpi and 9 more | 2021-08-06 | 4.9 MEDIUM | 5.9 MEDIUM |
| A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets. | |||||
| CVE-2021-37440 | 1 Nch | 1 Axon Pbx | 2021-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | |||||
| CVE-2021-37439 | 1 Nch | 1 Flexiserver | 2021-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | |||||
| CVE-2021-37469 | 1 Nch | 1 Webdictate | 2021-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | |||||
| CVE-2021-23407 | 1 Elfinder.net.core Project | 1 Elfinder.net.core | 2021-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. | |||||
| CVE-2021-23415 | 1 Elfinder.aspnet Project | 1 Elfinder.aspnet | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path. | |||||
| CVE-2021-37446 | 1 Nchsoftware | 1 Quorum | 2021-08-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | |||||
| CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2021-08-04 | 5.5 MEDIUM | 8.1 HIGH |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | |||||
| CVE-2017-2627 | 2 Openstack, Redhat | 2 Tripleo-common, Openstack | 2021-08-04 | 7.2 HIGH | 8.2 HIGH |
| A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. | |||||
| CVE-2021-30483 | 1 Isomorphic-git | 1 Isomorphic-git | 2021-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | |||||
| CVE-2021-35962 | 1 Secom | 2 Door Access Control, Personnel Attendance System | 2021-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. | |||||
| CVE-2020-5370 | 1 Dell | 1 Emc Openmanage Enterprise | 2021-08-02 | 6.0 MEDIUM | 6.8 MEDIUM |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions. | |||||
| CVE-2021-21586 | 1 Dell | 1 Wyse Management Suite | 2021-07-31 | 6.8 MEDIUM | 6.5 MEDIUM |
| Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | |||||
| CVE-2021-22867 | 1 Github | 1 Enterprise Server | 2021-07-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2021-37442 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | |||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | |||||
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-30 | 5.5 MEDIUM | 8.1 HIGH |
| NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | |||||
| CVE-2021-37445 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | |||||
| CVE-2021-32633 | 2 Plone, Zope | 2 Plone, Zope | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. | |||||
| CVE-2021-35968 | 1 Learningdigital | 1 Orca Hcm | 2021-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges. | |||||
| CVE-2021-35967 | 1 Learningdigital | 1 Orca Hcm | 2021-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in. | |||||
| CVE-2021-35054 | 1 Minecraft | 1 Minecraft | 2021-07-28 | 4.3 MEDIUM | 7.5 HIGH |
| Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | |||||
| CVE-2021-34820 | 1 Aat | 1 Novus Management System | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2 | |||||
| CVE-2021-24447 | 1 Silkypress | 1 Wp Image Zoom | 2021-07-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard | |||||
| CVE-2017-9640 | 2 Automatedlogic, Carrier | 3 I-vu, Sitescan Web, Automatedlogic Webctrl | 2021-07-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. | |||||
| CVE-2021-32769 | 1 Objectcomputing | 1 Micronaut | 2021-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot. | |||||
| CVE-2020-8159 | 1 Rubyonrails | 1 Actionpack Page-caching | 2021-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | |||||
| CVE-2012-2421 | 2 Intuit, Microsoft | 2 Quickbooks, Internet Explorer | 2021-07-23 | 1.8 LOW | N/A |
| Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. | |||||
| CVE-2020-12265 | 1 Decompress Project | 1 Decompress | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | |||||
| CVE-2019-7429 | 1 Property Rental Software Project | 1 Property Rental Software | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. | |||||
| CVE-2019-7434 | 1 Rental Bike Script Project | 1 Rental Bike Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-7436 | 1 Opensource Classified Ads Script Project | 1 Opensource Classified Ads Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2020-24053 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2020-24056 | 1 Verint | 6 4320, 4320 Firmware, 5620ptz and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols. | |||||
| CVE-2019-7431 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. | |||||
| CVE-2019-9552 | 1 Eloan Project | 1 Eloan | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | |||||