Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9846 | 1 Magicwinmail | 1 Winmail Server | 2020-06-11 | 6.5 MEDIUM | 8.8 HIGH |
| Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | |||||
| CVE-2020-13836 | 1 Google | 1 Android | 2020-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). | |||||
| CVE-2019-16384 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2020-06-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. | |||||
| CVE-2020-13795 | 1 Naviwebs | 1 Navigate Cms | 2020-06-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. | |||||
| CVE-2020-13792 | 1 Playtube | 1 Playtube | 2020-06-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. | |||||
| CVE-2017-6821 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2013-7091 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-06-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. | |||||
| CVE-2020-7652 | 1 Synk | 1 Broker | 2020-06-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | |||||
| CVE-2014-8939 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. | |||||
| CVE-2020-13227 | 1 Sysax | 1 Multi Server | 2020-06-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. | |||||
| CVE-2014-7174 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2020-06-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. | |||||
| CVE-2020-12832 | 1 Simplefilelist | 1 Simple-file-list | 2020-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. | |||||
| CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2020-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||||
| CVE-2009-1779 | 1 Frax | 1 Php Recommend | 2020-05-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter. | |||||
| CVE-2018-14355 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | |||||
| CVE-2020-12251 | 1 Gigamon | 1 Gigavue | 2020-05-18 | 3.5 LOW | 2.2 LOW |
| An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. | |||||
| CVE-2020-11531 | 1 Zohocorp | 2 Manageengine Adaudit Plus, Manageengine Datasecurity Plus | 2020-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. | |||||
| CVE-2020-8983 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982. | |||||
| CVE-2020-8982 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983. | |||||
| CVE-2020-13093 | 1 Ispyconnect | 1 Agent Dvr | 2020-05-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. | |||||