Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4402 | 1 Docsys Project | 1 Docsys | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A vulnerability classified as critical has been found in RainyGao DocSys 2.02.37. This affects an unknown part of the component ZIP File Decompression Handler. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215271.
|
|||||
| CVE-2022-4065 | 1 Testng Project | 1 Testng | 2024-11-21 | 6.5 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to ...
Show More |
|||||
| CVE-2022-4031 | 1 Simple-press | 1 Simple\ | 2024-11-21 | N/A | 3.8 LOW |
|
The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. This makes it possible with attackers, with high-level permissions such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin.
|
|||||
| CVE-2022-4030 | 1 Simple-press | 1 Simple\ | 2024-11-21 | N/A | 8.1 HIGH |
|
The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. This makes it possible with attackers, with minimal permissions such as a subscriber, to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file that can allow an attacker to configure the site and achieve remote code execution.
|
|||||
| CVE-2022-48476 | 1 Jetbrains | 1 Ktor | 2024-11-21 | N/A | 7.5 HIGH |
|
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
|
|||||
| CVE-2022-48361 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.
|
|||||
| CVE-2022-48285 | 1 Jszip Project | 1 Jszip | 2024-11-21 | N/A | 7.3 HIGH |
|
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
|
|||||
| CVE-2022-47757 | 1 Imo | 1 Imo | 2024-11-21 | N/A | 9.8 CRITICAL |
|
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.
|
|||||
| CVE-2022-47595 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions.
|
|||||
| CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.8 HIGH |
|
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.
|
|||||
| CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory trave ...
Show More |
|||||
| CVE-2022-46900 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
|
|||||
| CVE-2022-46898 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit t ...
Show More |
|||||
| CVE-2022-46835 | 1 Sailpoint | 1 Identityiq | 2024-11-21 | N/A | 8.8 HIGH |
|
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950.
|
|||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 6.2 MEDIUM |
|
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
|
|||||
| CVE-2022-46309 | 1 Vitalsesp | 1 Vitals Esp | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files.
|
|||||
| CVE-2022-46306 | 1 Changingtec | 1 Servisign | 2024-11-21 | N/A | 8.8 HIGH |
|
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
|
|||||
| CVE-2022-46305 | 1 Changingtec | 1 Servisign | 2024-11-21 | N/A | 6.5 MEDIUM |
|
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
|
|||||
| CVE-2022-46178 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 7.4 HIGH |
|
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.
|
|||||
| CVE-2022-46171 | 1 Tauri | 1 Tauri | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are ...
Show More |
|||||
| CVE-2022-46154 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | N/A | 8.6 HIGH |
|
Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2022-45852 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5.
|
|||||
| CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress.
|
|||||
| CVE-2022-45829 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | N/A | 8.7 HIGH |
|
Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress.
|
|||||
| CVE-2022-45792 | 1 Omron | 1 Sysmac Studio | 2024-11-21 | N/A | 7.8 HIGH |
|
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
|
|||||
| CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | N/A | 6.5 MEDIUM |
|
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.
|
|||||
| CVE-2022-45368 | 2024-11-21 | N/A | 7.7 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75.
|
|||||
| CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | N/A | 7.2 HIGH |
|
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.
|
|||||
| CVE-2022-45093 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | N/A | 8.5 HIGH |
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
|
|||||
| CVE-2022-45092 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | N/A | 9.9 CRITICAL |
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
|
|||||
| CVE-2022-44749 | 1 Knime | 1 Knime Analytics Platform | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulnerability is also known as 'Zip-Slip'.
An attacker can create a KNIME workflow that, when being opened by a user, can overwrite arbitrary files that the user has write access to. It's not necessary to execute the workflow, opening the workflow is sufficient. The user will notice that something is ...
Show More |
|||||
| CVE-2022-44748 | 1 Knime | 1 Knime Server | 2024-11-21 | N/A | 7.1 HIGH |
|
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'.
An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.
...
Show More |
|||||
| CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.9 MEDIUM |
|
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution.
|
|||||
| CVE-2022-43864 | 1 Ibm | 2 Business Automation Workflow, Business Monitor | 2024-11-21 | N/A | 7.5 HIGH |
|
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
|
|||||
| CVE-2022-43858 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.
|
|||||
| CVE-2022-43857 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
|
|||||
| CVE-2022-43771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
|
|||||
| CVE-2022-43753 | 2 Suse, Uyuni-project | 2 Manager Server, Uyuni | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.2 ...
Show More |
|||||
| CVE-2022-43748 | 1 Synology | 1 Presto File Server | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
|
|||||
| CVE-2022-43514 | 1 Siemens | 1 Automation License Manager | 2024-11-21 | N/A | 7.7 HIGH |
|
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory.
This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chai ...
Show More |
|||||