Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22717 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. | |||||
| CVE-2021-22718 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. | |||||
| CVE-2021-22719 | 1 Schneider-electric | 1 C-bus Toolkit | 2021-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. | |||||
| CVE-2012-1050 | 1 Mathopd | 1 Mathopd | 2021-06-01 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header. | |||||
| CVE-2021-29695 | 1 Ibm | 6 8335-gca, 8335-gca Firmware, 8335-gta and 3 more | 2021-06-01 | 8.5 HIGH | 6.5 MEDIUM |
| IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558. | |||||
| CVE-2021-27461 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2021-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. | |||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2021-05-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |||||
| CVE-2020-21055 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file of the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | |||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2021-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | |||||
| CVE-2020-21057 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 5.5 MEDIUM | 8.1 HIGH |
| Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | |||||
| CVE-2020-21056 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php. | |||||
| CVE-2020-18178 | 1 Hongcms Project | 1 Hongcms | 2021-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | |||||
| CVE-2021-32572 | 1 Specotech | 1 Web Viewer | 2021-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2019-18978 | 3 Canonical, Debian, Rack-cors Project | 3 Ubuntu Linux, Debian Linux, Rack-cors | 2021-05-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | |||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. | |||||
| CVE-2019-13551 | 1 Advantech | 1 Wise-paas/rmm | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
| CVE-2021-28149 | 1 Hongdian | 2 H8922, H8922 Firmware | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file. | |||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 6.5 MEDIUM | 6.7 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | |||||
| CVE-2021-28959 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2021-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. | |||||
| CVE-2021-31421 | 1 Parallels | 1 Parallels Desktop | 2021-05-10 | 2.1 LOW | 6.0 MEDIUM |
| This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129. | |||||
