Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23479 | 1 Solarwinds | 1 Access Rights Manager | 2024-02-20 | N/A | 9.6 CRITICAL |
| SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. | |||||
| CVE-2023-40587 | 2 Agendaless, Fedoraproject | 2 Pyramid, Fedora | 2024-02-16 | N/A | 5.3 MEDIUM |
| Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. | |||||
| CVE-2024-22226 | 1 Dell | 1 Unity Operating Environment | 2024-02-16 | N/A | 6.5 MEDIUM |
| Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. | |||||
| CVE-2024-24591 | 1 Clear | 1 Clearml | 2024-02-15 | N/A | 8.8 HIGH |
| A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with. | |||||
| CVE-2008-7064 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2024-02-14 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file. | |||||
| CVE-2018-7467 | 1 Axxonsoft | 1 Next | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | |||||
| CVE-2011-0966 | 1 Cisco | 1 Ciscoworks Common Services | 2024-02-14 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. | |||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | |||||
| CVE-2009-1730 | 1 Netmechanica | 1 Netdecision Tftp Server | 2024-02-14 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command. | |||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | |||||
| CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2024-02-14 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||||
| CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-02-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | |||||
| CVE-2018-18713 | 1 Phpyun | 1 Phpyun | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | |||||
| CVE-2019-16123 | 1 Kartatopia | 1 Piluscart | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | |||||
| CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | |||||
| CVE-2013-6226 | 1 Ajaxplorer | 1 Ajaxplorer | 2024-02-14 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
| CVE-2009-3902 | 2 Cherokee, Microsoft | 2 Cherokee Httpd, Windows | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cherokee Web Server 0.5.4 and earlier for Windows allows remote attackers to read arbitrary files via a /\.. (slash backslash dot dot) in the URL. | |||||
| CVE-2009-0325 | 1 Ninjadesigns | 1 Ninja Blog | 2024-02-14 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
| CVE-2011-0049 | 1 Mj2 | 1 Majordomo 2 | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. | |||||
| CVE-2009-0288 | 1 Windows Tftp Utility | 1 Tftputil | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. | |||||