Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20066 | 1 Cisco | 271 1000 Integrated Services Router, 1100-4g Integrated Services Router, 1100-4p Integrated Services Router and 268 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web ...
Show More |
|||||
| CVE-2023-1956 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.
|
|||||
| CVE-2023-1864 | 1 Fanuc | 2 Roboguide Handlingpro, Roboguide Handlingpro Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
|
FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to
a path traversal, which could allow an attacker to remotely read files
on the system running the affected software.
|
|||||
| CVE-2023-1467 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1398 | 1 Teacms Project | 1 Teacms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
|
|||||
| CVE-2023-1191 | 1 Xjd2020 | 1 Fastcms | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB- ...
Show More |
|||||
| CVE-2023-1183 | 3 Fedoraproject, Libreoffice, Redhat | 3 Fedora, Libreoffice, Enterprise Linux | 2024-11-21 | N/A | 5.0 MEDIUM |
|
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
|
|||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | N/A | 9.3 CRITICAL |
|
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
|
|||||
| CVE-2023-1163 | 1 Draytek | 2 Vigor 2960, Vigor 2960 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This ...
Show More |
|||||
| CVE-2023-1142 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.5 HIGH |
|
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
|
|||||
| CVE-2023-1134 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 7.1 HIGH |
|
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.
|
|||||
| CVE-2023-1112 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072.
|
|||||
| CVE-2023-1109 | 1 Phoenixcontact | 7 Energy Axc Pu, Infobox, Infobox Firmware and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
|
In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the service.
|
|||||
| CVE-2023-1045 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 4.7 MEDIUM | 3.8 LOW |
|
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.
|
|||||
| CVE-2023-1044 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.
|
|||||
| CVE-2023-1043 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2023-1009 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerabi ...
Show More |
|||||
| CVE-2023-1002 | 1 Muyucms | 1 Muyucms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.
|
|||||
| CVE-2023-0956 | 1 Tel-ster | 1 Telwin Scada Webinterface | 2024-11-21 | N/A | 7.5 HIGH |
|
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
|
|||||
| CVE-2023-0947 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
|
|||||
| CVE-2023-0862 | 1 Netmodule | 10 Nb1601, Nb1800, Nb1810 and 7 more | 2024-11-21 | N/A | 7.2 HIGH |
|
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.
This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
|
|||||
| CVE-2023-0745 | 1 Yugabyte | 1 Yugabytedb Managed | 2024-11-21 | N/A | 6.7 MEDIUM |
|
The High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary
files through the backup upload endpoint by using path traversal characters.
This vulnerability is associated with program files PlatformReplicationManager.Java.
This issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0
|
|||||
| CVE-2023-0593 | 1 Yaffshiv Project | 1 Yaffshiv | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory.
This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.
|
|||||
| CVE-2023-0592 | 1 Jefferson Project | 1 Jefferson | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.
|
|||||
| CVE-2023-0591 | 1 Ubi Reader Project | 1 Ubi Reader | 2024-11-21 | N/A | 5.5 MEDIUM |
|
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory).
This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names ...
Show More |
|||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2024-11-21 | N/A | 9.3 CRITICAL |
|
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
|
|||||
| CVE-2022-4885 | 1 Jefferson Project | 1 Jefferson | 2024-11-21 | 5.1 MEDIUM | 5.0 MEDIUM |
|
A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected compo ...
Show More |
|||||
| CVE-2022-4884 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 3.5 LOW |
|
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file.
|
|||||
| CVE-2022-4880 | 1 Openutau | 1 Openutau | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vul ...
Show More |
|||||
| CVE-2022-4878 | 1 Jatos | 1 Jatos | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b42519f309d8164e8811392770ce604cdabb5da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217548.
|
|||||
| CVE-2022-4773 | 1 Cloudsync Project | 1 Cloudsync | 2024-11-21 | N/A | 2.5 LOW |
|
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is V ...
Show More |
|||||
| CVE-2022-4772 | 1 Widoco Project | 1 Widoco | 2024-11-21 | N/A | 4.5 MEDIUM |
|
A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4748 | 1 Flatpress | 1 Flatpress | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability.
|
|||||
| CVE-2022-4636 | 1 Blackbox | 10 Acr1000a-r-r2, Acr1000a-r-r2 Firmware, Acr1000a-t-r2 and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion.
|
|||||
| CVE-2022-4594 | 1 Tjws2 Project | 1 Tjws2 | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 1bac15c496ec54efe21ad7fab4e17633778582fc. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216187.
|
|||||
| CVE-2022-4583 | 1 Neuroml | 1 Jlems | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in jLEMS. It has been declared as critical. Affected by this vulnerability is the function unpackJar of the file src/main/java/org/lemsml/jlems/io/util/JUtil.java. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 8c224637d7d561076364a9e3c2c375daeaf463dc. It is recommended to apply a patch to fix this issue. The identifier VDB-216169 was assigned to this vulnerability.
|
|||||
| CVE-2022-4572 | 1 Ubi Reader Project | 1 Ubi Reader | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-21614 ...
Show More |
|||||
| CVE-2022-4511 | 1 Docsys Project | 1 Docsys | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
|
|||||
| CVE-2022-4494 | 1 Mcp Mapping Viewer Project | 1 Mcp Mapping Viewer | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The name of the patch is 6e602746c96b4756c271d080dae7d22ad804a1bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215804.
|
|||||
| CVE-2022-4493 | 1 Scif | 1 Scifio | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in scifio. Affected by this vulnerability is the function downloadAndUnpackResource of the file src/test/java/io/scif/util/DefaultSampleFilesService.java of the component ZIP File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is fcb0dbca0ec72b22fe0c9ddc8abc9cb188a0ff31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215803.
|
|||||