Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2021-09-24 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | |||||
| CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2021-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | |||||
| CVE-2021-33685 | 1 Sap | 1 Business One | 2021-09-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data | |||||
| CVE-2021-37532 | 1 Sap | 1 Business One | 2021-09-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. | |||||
| CVE-2020-19147 | 1 Jflyfox | 1 Jfinal Cms | 2021-09-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. | |||||
| CVE-2020-19146 | 1 Jflyfox | 1 Jfinal Cms | 2021-09-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. | |||||
| CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2021-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
| CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2021-09-23 | 5.8 MEDIUM | 7.1 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | |||||
| CVE-2020-12026 | 1 Advantech | 1 Webaccess | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
| CVE-2021-25450 | 1 Google | 1 Android | 2021-09-22 | 3.3 LOW | 6.5 MEDIUM |
| Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. | |||||
| CVE-2021-38758 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2021-09-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. | |||||
| CVE-2021-32516 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32506 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3 . | |||||
| CVE-2021-32532 | 1 Qsan | 1 Xevo | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | |||||
| CVE-2021-32527 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files thru injecting file path in download function. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-33807 | 1 Gespage | 1 Gespage | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | |||||
| CVE-2021-24453 | 1 Include Me Project | 1 Include Me | 2021-09-20 | 9.0 HIGH | 8.8 HIGH |
| The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure | |||||
| CVE-2021-22704 | 1 Schneider-electric | 10 Ecostruxure Machine Expert, Harmony Gk, Harmony Gto and 7 more | 2021-09-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP. | |||||
| CVE-2021-27030 | 1 Autodesk | 1 Fbx Review | 2021-09-16 | 9.3 HIGH | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | |||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2021-09-15 | 5.0 MEDIUM | 7.5 HIGH |
| Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories. | |||||