Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24626 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-24625 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-24624 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-14028 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | |||||
| CVE-2020-15643 | 1 Marvell | 1 Qconvergeconsole | 2020-09-25 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549. | |||||
| CVE-2020-12640 | 1 Roundcube | 1 Webmail | 2020-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||||
| CVE-2020-25734 | 1 Webtareas Project | 1 Webtareas | 2020-09-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| webTareas through 2.1 allows files/Default/ Directory Listing. | |||||
| CVE-2020-5605 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2020-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | |||||
| CVE-2020-15182 | 2 Soy Cms Project, Soy Inquiry Project | 2 Soy Cms, Soy Inquiry | 2020-09-23 | 6.8 MEDIUM | 9.6 CRITICAL |
| The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. | |||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | |||||
| CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2020-09-18 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | |||||
| CVE-2020-2275 | 1 Jenkins | 1 Copy Data To Workspace | 2020-09-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2254 | 1 Jenkins | 1 Blue Ocean | 2020-09-18 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2020-2277 | 1 Jenkins | 1 Storable Configs | 2020-09-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2278 | 1 Jenkins | 1 Storable Configs | 2020-09-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | |||||
| CVE-2018-15450 | 1 Cisco | 1 Prime Collaboration | 2020-09-16 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. | |||||
| CVE-2018-13980 | 1 Zeta-producer | 1 Zeta Producer | 2020-09-16 | 2.1 LOW | 5.5 MEDIUM |
| The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. | |||||
| CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2020-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | |||||
| CVE-2020-3365 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2020-09-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. | |||||
| CVE-2020-7669 | 1 U-root | 1 U-root | 2020-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | |||||
| CVE-2020-7665 | 1 U-root | 1 U-root | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | |||||
| CVE-2020-7666 | 1 U-root | 1 U-root | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. | |||||
| CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2012-3337 | 1 Ibm | 1 Infosphere Guardium | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | |||||
| CVE-2020-3490 | 1 Cisco | 1 Vision Dynamic Signage Director | 2020-09-04 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. | |||||
| CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
| CVE-2020-15858 | 1 Thalesgroup | 18 Bgs5, Bgs5 Firmware, Ehs5 and 15 more | 2020-09-03 | 3.6 LOW | 6.4 MEDIUM |
| Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06 EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04 ELS61 up to and including SW RN 02.002 / ARN 01.000.04 ELS81 up to and including SW RN 05.002 / ARN 01.000.04 PLS62 up to and including SW RN 02.000 / ARN 01.000.04 | |||||
| CVE-2020-15639 | 1 Marvell | 1 Qconvergeconsole | 2020-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. | |||||
| CVE-2020-3440 | 1 Cisco | 1 Webex Meetings | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. | |||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2020-09-02 | 10.0 HIGH | 9.8 CRITICAL |
| The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | |||||
| CVE-2020-7377 | 1 Rapid7 | 1 Metasploit | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | |||||
| CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | |||||
| CVE-2020-8913 | 1 Android | 1 Play Core Library | 2020-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. | |||||
| CVE-2020-16245 | 1 Advantech | 1 Iview | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
| CVE-2020-15640 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497. | |||||
| CVE-2020-15641 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499. | |||||
| CVE-2020-17387 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. | |||||
| CVE-2020-17389 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. | |||||
| CVE-2020-17385 | 1 Cellopoint | 1 Cellos | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system. | |||||
| CVE-2020-24571 | 1 Nexusdb | 1 Nexusdb | 2020-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | |||||
| CVE-2017-5541 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. | |||||
| CVE-2010-2143 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. | |||||
| CVE-2020-19877 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2018-19124 | 2 Microsoft, Prestashop | 2 Windows, Prestashop | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. | |||||
| CVE-2019-9960 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | |||||
| CVE-2018-7422 | 1 Siteeditor | 1 Site Editor | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal. | |||||
| CVE-2018-12530 | 1 Metinfo | 1 Metinfo | 2020-08-24 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | |||||
| CVE-2019-19374 | 1 Squiz | 1 Matrix | 2020-08-24 | 7.5 HIGH | 9.1 CRITICAL |
| An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.) | |||||
| CVE-2019-6111 | 5 Canonical, Debian, Openbsd and 2 more | 5 Ubuntu Linux, Debian Linux, Openssh and 2 more | 2020-08-24 | 5.8 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | |||||