Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter.
|
|||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
|
|||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
|
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
|
|||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).
|
|||||
| CVE-2020-24102 | 2024-11-21 | N/A | 7.6 HIGH | ||
|
Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2020-23766 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
|
|||||
| CVE-2020-23715 | 1 Webport Cms Project | 1 Webport Cms | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.
|
|||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server.
|
|||||
| CVE-2020-23172 | 1 Kuba Project | 1 Kuba | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
|
|||||
| CVE-2020-23161 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL.
|
|||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
|
|||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.
|
|||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
|
|||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.
|
|||||
| CVE-2020-22623 | 1 Insightsoftware | 1 Jreport | 2024-11-21 | N/A | 7.5 HIGH |
|
Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.
|
|||||
| CVE-2020-22550 | 1 Veno File Manager Project | 1 Veno File Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.
|
|||||
| CVE-2020-22200 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
|
|||||
| CVE-2020-21862 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 8.1 HIGH |
|
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
|
|||||
| CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
|
|||||
| CVE-2020-21590 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
|
|||||
| CVE-2020-21527 | 1 Halo | 1 Halo | 2024-11-21 | 8.5 HIGH | 7.7 HIGH |
|
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
|
|||||
| CVE-2020-21526 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
|
|||||
| CVE-2020-21525 | 1 Halo | 1 Halo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
|
|||||
| CVE-2020-21522 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
|
|||||
| CVE-2020-21365 | 2 Debian, Wkhtmltopdf | 2 Debian Linux, Wkhtmltopdf | 2024-11-21 | N/A | 7.5 HIGH |
|
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
|
|||||
| CVE-2020-21244 | 1 Frontaccounting | 1 Frontaccounting | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
|
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
|
|||||
| CVE-2020-21057 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
|
|||||
| CVE-2020-21056 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php.
|
|||||
| CVE-2020-21055 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
|
|||||
| CVE-2020-20944 | 1 Qibosoft | 1 Qibosoft | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
|
|||||
| CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php.
|
|||||
| CVE-2020-20290 | 1 Yccms | 1 Yccms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.
|
|||||
| CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.
|
|||||
| CVE-2020-20012 | 1 Sudytech | 1 Webplus Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
|
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
|
|||||
| CVE-2020-1904 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
|
|||||
| CVE-2020-1853 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.
|
|||||
| CVE-2020-1737 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.
|
|||||
| CVE-2020-1735 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2024-11-21 | 3.6 LOW | 4.2 MEDIUM |
|
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
|
|||||
| CVE-2020-1699 | 2 Linuxfoundation, Redhat | 2 Ceph, Ceph Storage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.
|
|||||
| CVE-2020-1606 | 1 Juniper | 24 Junos, Qfx5110, Qfx5200 and 21 more | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
|
A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 1 ...
Show More |
|||||