Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28209 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||||
| CVE-2021-28208 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||||
| CVE-2021-28207 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||||
| CVE-2021-28206 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||||
| CVE-2021-28205 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | |||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2021-04-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | |||||
| CVE-2014-3460 | 1 Microfocus | 2 Sentinel, Sentinel Agent Manager | 2021-04-13 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. | |||||
| CVE-2012-5931 | 1 Microfocus | 1 Privileged User Manager | 2021-04-13 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. | |||||
| CVE-2021-20692 | 1 Eikisoft | 1 Archive Collectively Operation Utility | 2021-04-12 | 5.8 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives. | |||||
| CVE-2011-1654 | 1 Broadcom | 1 Total Defense | 2021-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx. | |||||
| CVE-2008-2241 | 2 Broadcom, Ca | 4 Brightstor Arcserve Backup, Server Protection Suite, Brightstor Arcserve Backup and 1 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. | |||||
| CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
| CVE-2021-28172 | 1 Deltaflow Project | 1 Deltaflow | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | |||||
| CVE-2020-13419 | 1 Openiam | 1 Openiam | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | |||||
| CVE-2020-21590 | 1 Wuzhicms | 1 Wuzhicms | 2021-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | |||||
| CVE-2007-5005 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. | |||||
| CVE-2021-3374 | 1 Rstudio | 1 Shiny Server | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | |||||
| CVE-2021-26714 | 1 Mitel | 1 Micontact Center Enterprise | 2021-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal. | |||||
| CVE-2021-25367 | 1 Samsung | 1 Notes | 2021-03-30 | 5.5 MEDIUM | 5.4 MEDIUM |
| Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. | |||||
| CVE-2021-27272 | 1 Netgear | 1 Prosafe Network Management System | 2021-03-30 | 7.5 HIGH | 7.1 HIGH |
| This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123. | |||||
| CVE-2021-27276 | 1 Netgear | 1 Prosafe Network Management System | 2021-03-30 | 5.5 MEDIUM | 7.1 HIGH |
| This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122. | |||||
| CVE-2021-27275 | 1 Netgear | 1 Prosafe Network Management System | 2021-03-30 | 6.5 MEDIUM | 8.3 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125. | |||||
| CVE-2020-23161 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2021-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | |||||
| CVE-2021-1435 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that can be executed as the root user. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web UI of an affected device with arbitrary commands injected into a portion of the request. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | |||||
| CVE-2021-1436 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 4.7 MEDIUM | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | |||||
| CVE-2021-21402 | 1 Jellyfin | 1 Jellyfin | 2021-03-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible. | |||||
| CVE-2020-26279 | 1 Protocol | 1 Go-ipfs | 2021-03-27 | 5.5 MEDIUM | 8.1 HIGH |
| go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1. | |||||
| CVE-2020-15809 | 1 Spinetix | 11 Diva, Diva Firmware, Dsos and 8 more | 2021-03-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd. | |||||
| CVE-2020-10584 | 1 Invigo | 1 Automatic Device Management | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | |||||
| CVE-2020-10579 | 1 Invigo | 1 Automatic Device Management | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | |||||
| CVE-2020-27871 | 1 Solarwinds | 1 Orion Platform | 2021-03-26 | 9.0 HIGH | 7.2 HIGH |
| This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902. | |||||
| CVE-2021-21357 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 6.5 MEDIUM | 8.3 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||
| CVE-2020-27870 | 1 Solarwinds | 1 Orion Platform | 2021-03-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917. | |||||
| CVE-2021-20218 | 1 Redhat | 9 A-mq Online, Build Of Quarkus, Codeready Studio and 6 more | 2021-03-25 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | |||||
| CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| jqueryFileTree 2.1.5 and older Directory Traversal | |||||
| CVE-2010-4399 | 1 Dynpg | 1 Dynpg | 2021-03-25 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2019-10161 | 2 Canonical, Redhat | 5 Ubuntu Linux, Enterprise Linux, Libvirt and 2 more | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | |||||
| CVE-2021-3178 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2021-03-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. | |||||
| CVE-2020-29556 | 1 Getgrav | 1 Grav Cms | 2021-03-25 | 2.1 LOW | 5.5 MEDIUM |
| The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) | |||||
| CVE-2020-29555 | 1 Getgrav | 1 Grav Cms | 2021-03-25 | 5.5 MEDIUM | 8.1 HIGH |
| The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) | |||||
| CVE-2014-8801 | 1 Strangerstudios | 1 Paid Memberships Pro | 2021-03-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php. | |||||
| CVE-2021-22651 | 2 Luxion, Siemens | 8 Keyshot, Keyshot Network Rendering, Keyshot Viewer and 5 more | 2021-03-23 | 6.8 MEDIUM | 7.8 HIGH |
| When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. | |||||
| CVE-2020-13924 | 1 Apache | 1 Ambari | 2021-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | |||||
| CVE-2019-12457 | 1 Afian | 1 Filerun | 2021-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
| CVE-2019-12458 | 1 Afian | 1 Filerun | 2021-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
| CVE-2019-12459 | 1 Afian | 1 Filerun | 2021-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
| CVE-2021-23357 | 1 Tyk | 1 Tyk | 2021-03-18 | 4.6 MEDIUM | 5.3 MEDIUM |
| All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. | |||||
| CVE-2020-17518 | 1 Apache | 1 Flink | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master. | |||||
| CVE-2021-20669 | 1 Weseek | 1 Growi | 2021-03-17 | 6.5 MEDIUM | 4.7 MEDIUM |
| Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL. | |||||
| CVE-2020-5016 | 1 Ibm | 1 Websphere Application Server | 2021-03-17 | 3.5 LOW | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. | |||||