Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39037 | 1 Flowring | 1 Agentflow | 2022-11-15 | N/A | 7.5 HIGH |
| Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2022-29836 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2022-11-15 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. | |||||
| CVE-2020-7246 | 1 Qdpm | 1 Qdpm | 2022-11-10 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. | |||||
| CVE-2022-2863 | 1 Wpvivid | 1 Migration, Backup, Staging | 2022-11-10 | N/A | 4.9 MEDIUM |
| The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack | |||||
| CVE-2022-1391 | 1 Kanev | 1 Cab Fare Calculator | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. | |||||
| CVE-2022-41212 | 1 Sap | 1 Netweaver Application Server Abap | 2022-11-09 | N/A | 4.9 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | |||||
| CVE-2021-32682 | 1 Std42 | 1 Elfinder | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | |||||
| CVE-2022-41670 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-08 | N/A | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2020-12509 | 1 Badgermeter | 1 Moni\ | 2022-11-08 | N/A | 7.5 HIGH |
| In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | |||||
| CVE-2020-21365 | 2 Debian, Wkhtmltopdf | 2 Debian Linux, Wkhtmltopdf | 2022-11-07 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | |||||
| CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2022-11-07 | N/A | 6.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had multiple path traversal vulnerabilities in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox. If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | |||||
| CVE-2022-29774 | 1 Ispyconnect | 1 Ispy | 2022-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | |||||
| CVE-2022-41667 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2022-11-05 | N/A | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2019-10220 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-11-03 | 9.3 HIGH | 8.8 HIGH |
| Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | |||||
| CVE-2021-38399 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2022-11-02 | N/A | 7.5 HIGH |
| Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | |||||
| CVE-2008-0333 | 1 Afterlogic | 1 Mailbee Webmail Pro | 2022-11-02 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. | |||||
| CVE-2018-8965 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8969 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8968 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-9331 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. | |||||
