Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34373 | 1 Dell | 1 Command \| Integration Suite For System Center | 2022-09-07 | N/A | 7.8 HIGH |
| Dell Command \| Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | |||||
| CVE-2022-34375 | 1 Dell | 1 Container Storage Modules | 2022-09-07 | N/A | 6.5 MEDIUM |
| Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to a path outside of the restricted directory. | |||||
| CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||||
| CVE-2022-38794 | 1 Zaver Project | 1 Zaver | 2022-09-01 | N/A | 7.5 HIGH |
| Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | |||||
| CVE-2022-2261 | 1 Xplodedthemes | 1 Wpide | 2022-09-01 | N/A | 7.2 HIGH |
| The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | |||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2022-09-01 | N/A | 8.1 HIGH |
| htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | |||||
| CVE-2021-21895 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2022-08-31 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21894 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2022-08-31 | 6.5 MEDIUM | 9.1 CRITICAL |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21896 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2022-08-31 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21904 | 1 Garrett | 1 Ic Module Cma | 2022-08-31 | 9.0 HIGH | 7.2 HIGH |
| A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2021-21907 | 1 Garrett | 1 Ic Module Cma | 2022-08-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2022-08-31 | N/A | 2.7 LOW |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | |||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2022-08-31 | N/A | 8.2 HIGH |
| A relative path traversal vulnerability in ABB Zenon 8.20 allows a user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries. An attacker who successfully exploits the vulnerability could access Zenon runtime activities such as the start and stop of various activities, the last error code, etc. | |||||
| CVE-2022-2464 | 1 Rockwellautomation | 1 Isagraf Workbench | 2022-08-27 | N/A | 7.8 HIGH |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-2463 | 1 Rockwellautomation | 1 Isagraf Workbench | 2022-08-27 | N/A | 7.8 HIGH |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | |||||
| CVE-2022-30547 | 1 Wwbn | 1 Avideo | 2022-08-26 | N/A | 9.9 CRITICAL |
| A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-34486 | 1 Pukiwiki | 1 Pukiwiki | 2022-08-24 | N/A | 7.2 HIGH |
| Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | |||||
| CVE-2022-2557 | 1 Radiustheme | 1 Team - Wordpress Team Members Showcase | 2022-08-23 | N/A | 8.8 HIGH |
| The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user. | |||||
| CVE-2022-37422 | 1 Payara | 1 Payara | 2022-08-20 | N/A | 7.5 HIGH |
| Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | |||||
| CVE-2020-10387 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 4.0 MEDIUM | 4.9 MEDIUM |
| Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | |||||
