Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized reading of internal files [/etc/passwd] and [/etc/shadow]. |
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. |
| CVE-2021-46104 | 1 Webp | 1 Webp Server Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server. |
| CVE-2021-45967 | 2 Igniterealtime, Pascom | 2 Openfire, Cloud Phone System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. |
| CVE-2021-45887 | 1 Ponton | 1 X/p Messenger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. |
| CVE-2021-45783 | 1 Bookeen | 2 Notea, Notea Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. |
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. |
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. |
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. |
| CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | N/A | 7.1 HIGH | Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin expose a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pat ... |
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. |
| CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. |
| CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. |
| CVE-2021-45043 | 1 Hd-network Real-time Monitoring System Project | 1 Hd-network Real-time Monitoring System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. |
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. |
| CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. |
| CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | Directory traversal vulnerability in the /admin/includes/* directory of PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server. |
| CVE-2021-44737 | 1 Lexmark | 467 6500e, 6500e Firmware, B2236 and 464 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. |
| CVE-2021-44725 | 1 Knime | 1 Knime Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. |
| CVE-2021-44674 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory. |
| CVE-2021-44665 | 1 Xerte | 1 Xerte | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM | A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. |
| CVE-2021-44664 | 1 Xerte | 1 Xerte | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface, disguised as a language file, to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable. |
| CVE-2021-44586 | 1 Dst-admin Project | 1 Dst-admin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. |
| CVE-2021-44548 | 2 Apache, Microsoft | 2 Solr, Windows | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB S ... |
| CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH | In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. |
| CVE-2021-44351 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An arbitrary file read vulnerability exists in NavigateCMS 2.9 via the /navigate/navigate_download.php id parameter. |
| CVE-2021-44278 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. |
| CVE-2021-44232 | 1 Sap | 1 Saf-t Framework | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH | SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by a normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. |
| CVE-2021-44162 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Chain Sea ai chatbot system's specific file download function has a path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication. |
| CVE-2021-44138 | 1 Caucho | 1 Resin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. |
| CVE-2021-44124 | 1 Hiby | 2 R3 Pro, R3 Pro Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when showing data from the SD Card; an attacker can navigate through the device's File System over HTTP. |
| CVE-2021-44111 | 1 S-cart | 1 S-cart | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM | A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. |
| CVE-2021-43988 | 1 Fanuc | 1 Roboguide | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. |
| CVE-2021-43930 | 1 Smartptt | 1 Smartptt Scada | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. |
| CVE-2021-43840 | 1 Discourse | 1 Message Bus | 2024-11-21 | 3.5 LOW | 4.4 MEDIUM | message_bus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled (default off) are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is no proxy for your web application as the number of steps up the directories is not bounded. For deployments which u ... |
| CVE-2021-43836 | 1 Sulu | 1 Sulu | 2024-11-21 | 6.5 MEDIUM | 8.5 HIGH | Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched with the Versions 1.6.44, 2.2.18, 2.3.8, 2.4.0. For users unable to upgrade: overwrite the service `sulu_route.generator.expression_token_provider` and wrap the translator before passing it to the expression language. |
| CVE-2021-43831 | 1 Gradio Project | 1 Gradio | 2024-11-21 | 3.5 LOW | 7.7 HIGH | Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access any files on the host computer if they know the file names or file paths. This is limited only by the host operating system. Paths are opened in read only mode. The problem has been patched in gradio 2.5.0 ... |
| CVE-2021-43815 | 1 Grafana | 1 Grafana | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 ... |
| CVE-2021-43813 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a rev ... |
| CVE-2021-43800 | 2 Microsoft, Requarks | 2 Windows, Wiki.js | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH | Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g. Local File System or Git) is enabled and t ... |