Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24625 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-24626 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-24624 | 1 Hpe | 1 Utility Computing Service Meter | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | |||||
| CVE-2020-14028 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2020-09-26 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | |||||
| CVE-2020-5605 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2020-09-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | |||||
| CVE-2020-15182 | 2 Soy Cms Project, Soy Inquiry Project | 2 Soy Cms, Soy Inquiry | 2020-09-23 | 6.8 MEDIUM | 9.6 CRITICAL |
| The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially crafted webpage. An administrator must be logged in for exploitation to be possible. This issue is fixed in SOY Inquiry version 2.0.0.4 and included in SOY CMS 3.0.2.328. | |||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | |||||
| CVE-2018-15450 | 1 Cisco | 1 Prime Collaboration | 2020-09-16 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. | |||||
| CVE-2018-13980 | 1 Zeta-producer | 1 Zeta Producer | 2020-09-16 | 2.1 LOW | 5.5 MEDIUM |
| The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. | |||||
| CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2020-09-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | |||||
| CVE-2020-7669 | 1 U-root | 1 U-root | 2020-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | |||||
| CVE-2020-7665 | 1 U-root | 1 U-root | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | |||||
| CVE-2020-7666 | 1 U-root | 1 U-root | 2020-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. | |||||
| CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2012-3337 | 1 Ibm | 1 Infosphere Guardium | 2020-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | |||||
| CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
| CVE-2020-15639 | 1 Marvell | 1 Qconvergeconsole | 2020-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. | |||||
| CVE-2020-3440 | 1 Cisco | 1 Webex Meetings | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. | |||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2020-09-02 | 10.0 HIGH | 9.8 CRITICAL |
| The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | |||||