Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44665 | 1 Xerte | 1 Xerte | 2022-03-04 | 3.5 LOW | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. | |||||
| CVE-2022-22349 | 1 Ibm | 1 Sterling External Authentication Server | 2022-03-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. | |||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2022-03-02 | 7.8 HIGH | 7.5 HIGH |
| A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. | |||||
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | |||||
| CVE-2022-23612 | 1 Openmrs | 1 Openmrs | 2022-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance. | |||||
| CVE-2021-27755 | 1 Hcltech | 1 Hcl Sametime | 2022-03-02 | 2.1 LOW | 5.5 MEDIUM |
| "Sametime Android potential path traversal vulnerability when using File class" | |||||
| CVE-2021-27753 | 1 Hcltech | 1 Hcl Sametime | 2022-03-01 | 2.1 LOW | 5.5 MEDIUM |
| "Sametime Android PathTraversal Vulnerability" | |||||
| CVE-2022-0665 | 1 Pimcore | 1 Pimcore | 2022-03-01 | 5.5 MEDIUM | 6.5 MEDIUM |
| Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. | |||||
| CVE-2003-0593 | 1 Opera | 1 Opera Browser | 2022-03-01 | 7.5 HIGH | N/A |
| Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
| CVE-2022-25358 | 1 Awful-salmonella-tar Project | 1 Awful-salmonella-tar | 2022-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories. | |||||
| CVE-2020-14523 | 1 Mitsubishielectric | 27 Cw Configurator, Fr Configurator2, Gx Works2 and 24 more | 2022-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | |||||
| CVE-2021-26619 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2022-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users. | |||||
| CVE-2021-39312 | 1 Trueranker | 1 True Ranker | 2022-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. | |||||
| CVE-2021-25082 | 1 Sygnoos | 1 Popup Builder | 2022-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR | |||||
| CVE-2022-0673 | 1 Eclipse | 1 Lemminx | 2022-02-26 | 6.4 MEDIUM | 6.5 MEDIUM |
| A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | |||||
| CVE-2022-25298 | 1 Webcc Project | 1 Webcc | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server. | |||||
| CVE-2022-22914 | 1 Ovidentia | 1 Ovidentia | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. | |||||
| CVE-2022-24983 | 1 Jqueryform | 1 Jqueryform | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique ID field is contained in the POST response upon submitting a form. | |||||
| CVE-2021-40841 | 1 Liveconfig | 1 Liveconfig | 2022-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | |||||
| CVE-2022-24977 | 1 Impresscms | 1 Impresscms | 2022-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. | |||||