Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43734 | 1 Keking | 1 Kkfileview | 2022-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host. | |||||
| CVE-2021-22748 | 1 Schneider-electric | 1 C-bus Toolkit | 2022-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | |||||
| CVE-2021-37343 | 1 Nagios | 1 Nagios Xi | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | |||||
| CVE-2020-35749 | 1 Presstigers | 1 Simple Board Job | 2022-02-22 | 4.0 MEDIUM | 7.7 HIGH |
| Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | |||||
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2022-02-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2021-44111 | 1 S-cart | 1 S-cart | 2022-02-18 | 2.1 LOW | 4.4 MEDIUM |
| A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. | |||||
| CVE-2021-22804 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||
| CVE-2022-24312 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-24647 | 1 Cuppacms | 1 Cuppacms | 2022-02-17 | 5.5 MEDIUM | 8.1 HIGH |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | |||||
| CVE-2022-24311 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | |||||
| CVE-2022-22931 | 1 Apache | 1 James | 2022-02-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). | |||||
| CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2022-02-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | |||||
| CVE-2022-21193 | 1 Dounokouno | 1 Transmitmail | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2021-37728 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2022-02-11 | 8.5 HIGH | 6.5 MEDIUM |
| A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. | |||||
| CVE-2022-23609 | 1 Itunesrpc-remastered Project | 1 Itunesrpc-remastered | 2022-02-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. | |||||
| CVE-2014-0754 | 1 Schneider-electric | 86 171ccc96020, 171ccc96020 Firmware, 171ccc96020c and 83 more | 2022-02-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. | |||||
| CVE-2019-14530 | 1 Open-emr | 1 Openemr | 2022-02-10 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. | |||||
| CVE-2022-21371 | 1 Oracle | 1 Weblogic Server | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
| CVE-2021-29398 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | |||||