Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46493 | 1 Evershop | 1 Evershop | 2023-12-12 | N/A | 5.3 MEDIUM |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | |||||
| CVE-2023-6577 | 1 Byzoro | 2 Patrolflow-am-2530pro, Patrolflow-am-2530pro Firmware | 2023-12-12 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6458 | 1 Mattermost | 1 Mattermost Server | 2023-12-12 | N/A | 9.8 CRITICAL |
| Mattermost webapp fails to validate route parameters in/<TEAM_NAME>/channels/<CHANNEL_NAME> allowing an attacker to perform a client-side path traversal. | |||||
| CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2023-12-12 | N/A | 7.5 HIGH |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | |||||
| CVE-2023-47440 | 1 Gladysassistant | 1 Gladys Assistant | 2023-12-12 | N/A | 6.5 MEDIUM |
| Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | |||||
| CVE-2023-46307 | 1 Buddho | 1 Etcd Browser | 2023-12-12 | N/A | 7.5 HIGH |
| An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. | |||||
| CVE-2020-25243 | 1 Siemens | 1 Logo\! Soft Comfort | 2023-12-12 | 7.2 HIGH | 5.1 MEDIUM |
| A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an attacker. | |||||
| CVE-2023-49735 | 1 Apache | 1 Tiles | 2023-12-12 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-32317 | 1 Autolabproject | 1 Autolab | 2023-12-11 | N/A | 7.2 HIGH |
| Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | |||||
| CVE-2023-32676 | 1 Autolabproject | 1 Autolab | 2023-12-11 | N/A | 7.2 HIGH |
| Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | |||||
| CVE-2022-41956 | 1 Autolabproject | 1 Autolab | 2023-12-11 | N/A | 6.5 MEDIUM |
| Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | |||||
| CVE-2021-35975 | 1 Systematica | 6 Financial Calculator, Fix Adapter, Http Adapter and 3 more | 2023-12-11 | N/A | 5.3 MEDIUM |
| Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25) | |||||
| CVE-2023-6352 | 1 Aquaforest | 1 Tiff Server | 2023-12-11 | N/A | 5.3 MEDIUM |
| The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files. | |||||
| CVE-2014-125080 | 1 Faplanet Project | 1 Faplanet | 2023-12-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability. | |||||
| CVE-2017-7675 | 1 Apache | 1 Tomcat | 2023-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | |||||
| CVE-2015-5345 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2023-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | |||||
| CVE-2014-125068 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2023-12-08 | N/A | 5.3 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643. | |||||
| CVE-2021-31542 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | |||||
| CVE-2017-16877 | 1 Zeit | 1 Next.js | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | |||||
| CVE-2023-5105 | 1 Najeebmedia | 1 Frontend File Manager Plugin | 2023-12-07 | N/A | 6.5 MEDIUM |
| The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php` | |||||
| CVE-2023-49108 | 1 Sei-info | 1 Rakrak Document Plus | 2023-12-07 | N/A | 8.8 HIGH |
| Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. | |||||
| CVE-2020-25540 | 1 Thinkadmin | 1 Thinkadmin | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | |||||
| CVE-2018-25094 | 1 Kotchasan | 1 Online Accounting System | 2023-12-07 | N/A | 7.5 HIGH |
| A vulnerability was found in ???????????????? Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability. | |||||
| CVE-2023-6021 | 1 Ray Project | 1 Ray | 2023-12-06 | N/A | 7.5 HIGH |
| LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | |||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | |||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2023-12-06 | N/A | 7.5 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | |||||
| CVE-2023-6026 | 1 Elijaa | 1 Phpmemcachedadmin | 2023-12-06 | N/A | 9.1 CRITICAL |
| A Path traversal vulnerability has been reported in elijaa/phpmemcachedadmin affecting version 1.3.0. This vulnerability allows an attacker to delete files stored on the server due to lack of proper verification of user-supplied input. | |||||
| CVE-2023-3533 | 1 Chamilo | 1 Chamilo | 2023-12-05 | N/A | 9.8 CRITICAL |
| Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. | |||||
| CVE-2023-47464 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2023-12-05 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. | |||||
| CVE-2023-46886 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2023-12-05 | N/A | 9.1 CRITICAL |
| Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. | |||||
| CVE-2023-48848 | 1 Ureport Project | 1 Ureport | 2023-12-04 | N/A | 7.5 HIGH |
| An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | |||||
| CVE-2022-41951 | 1 Oroinc | 1 Oroplatform | 2023-12-04 | N/A | 9.8 CRITICAL |
| OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. | |||||
| CVE-2023-32558 | 1 Nodejs | 1 Node.js | 2023-12-04 | N/A | 7.5 HIGH |
| The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2022-37703 | 1 Amanda | 1 Amanda | 2023-12-03 | N/A | 3.3 LOW |
| In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. | |||||
| CVE-2023-48185 | 1 Terra-mater | 1 Terra-master | 2023-12-02 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. | |||||
| CVE-2023-5885 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2023-12-01 | N/A | 6.5 MEDIUM |
| The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | |||||
| CVE-2023-6307 | 1 Jeecg | 1 Jimureport | 2023-12-01 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5607 | 1 Trellix | 1 Application And Change Control | 2023-12-01 | N/A | 7.2 HIGH |
| An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI reputation file. The attacker would need the appropriate privileges to access the relevant section of the User Interface. The import logic has been updated to restrict file types and content. | |||||
| CVE-2023-47313 | 1 H-mdm | 1 Headwind Mdm | 2023-11-30 | N/A | 5.4 MEDIUM |
| Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded. | |||||
| CVE-2023-6118 | 1 Neutron | 34 Ipc2224-sr3-npf-36, Ipc2224-sr3-npf-36 Firmware, Ipc2624-sr3-npf-36 and 31 more | 2023-11-30 | N/A | 7.5 HIGH |
| Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1. | |||||
| CVE-2023-47251 | 1 M-privacy | 2 Mprivacy-tools, Tightgatevnc | 2023-11-30 | N/A | 6.5 MEDIUM |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | |||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg-boot | 2023-11-30 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | |||||
| CVE-2022-25178 | 1 Jenkins | 1 Pipeline\ | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-27203 | 1 Jenkins | 1 Extended Choice Parameter | 2023-11-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | |||||
| CVE-2022-23113 | 1 Jenkins | 1 Publish Over Ssh | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. | |||||
| CVE-2022-25188 | 1 Jenkins | 1 Fortify | 2023-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker. | |||||
| CVE-2021-22151 | 1 Elastic | 1 Kibana | 2023-11-30 | N/A | 4.3 MEDIUM |
| It was discovered that Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. | |||||
| CVE-2023-6209 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 6.5 MEDIUM |
| Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-38879 | 1 Os4ed | 1 Opensis | 2023-11-30 | N/A | 7.5 HIGH |
| The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'. | |||||
| CVE-2023-4593 | 2 Microsoft, Seattlelab | 2 Windows, Slmail | 2023-11-29 | N/A | 6.5 MEDIUM |
| Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a multiple ..%2F value affecting the 'dodoc' parameter in the /MailAdmin_dll.htm file. | |||||