Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
|
|||||
| CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
|
|||||
| CVE-2024-41784 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-20 | N/A | 7.5 HIGH |
|
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.
|
|||||
| CVE-2024-52600 | 2024-11-19 | N/A | 5.3 MEDIUM | ||
|
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override ex ...
Show More |
|||||
| CVE-2024-11238 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 6.4 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-11239 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 5.5 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-11210 | 1 Eyoucms | 1 Eyoucms | 2024-11-19 | 5.5 MEDIUM | 5.4 MEDIUM |
|
A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-52292 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 6.5 MEDIUM |
|
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be dec ...
Show More |
|||||
| CVE-2024-52291 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 7.2 HIGH |
|
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this w ...
Show More |
|||||
| CVE-2024-52293 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 7.2 HIGH |
|
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
|
|||||
| CVE-2024-11150 | 1 Vanquish | 1 User Extra Fields | 2024-11-19 | N/A | 9.8 CRITICAL |
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
|
|||||
| CVE-2024-44761 | 1 Gzequan | 1 Eq Enterprise Management System | 2024-11-18 | N/A | 9.8 CRITICAL |
|
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
|
|||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 8.8 HIGH |
|
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
|
|||||
| CVE-2024-9935 | 2024-11-18 | N/A | 7.5 HIGH | ||
|
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
|
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-42499 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific path, and/or obtain some part of the file contents under specific conditions.
|
|||||
| CVE-2024-50322 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.8 HIGH |
|
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.
|
|||||
| CVE-2024-21799 | 2024-11-15 | N/A | 7.1 HIGH | ||
|
Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-45253 | 2024-11-15 | N/A | 7.5 HIGH | ||
|
Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|||||
| CVE-2024-47916 | 2024-11-15 | N/A | 7.5 HIGH | ||
|
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|||||
| CVE-2024-52371 | 2024-11-15 | N/A | 8.6 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway.This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.
|
|||||
| CVE-2024-52378 | 2024-11-15 | N/A | 7.5 HIGH | ||
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through 0.3.0.
|
|||||
| CVE-2024-49381 | 1 Plenti | 1 Plenti | 2024-11-14 | N/A | 7.5 HIGH |
|
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
|
|||||
| CVE-2024-45309 | 1 Onedev Project | 1 Onedev | 2024-11-14 | N/A | 7.5 HIGH |
|
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.
|
|||||
| CVE-2024-5982 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-11-14 | N/A | 9.8 CRITICAL |
|
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_t ...
Show More |
|||||
| CVE-2024-10672 | 1 Themeisle | 1 Multiple Page Generator | 2024-11-14 | N/A | 2.7 LOW |
|
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server.
|
|||||
| CVE-2024-46888 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | N/A | 9.9 CRITICAL |
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.
|
|||||
| CVE-2024-50559 | 1 Siemens | 52 Ruggedcom Rm1224 Lte\(4g\) Eu, Ruggedcom Rm1224 Lte\(4g\) Eu Firmware, Ruggedcom Rm1224 Lte\(4g\) Nam and 49 more | 2024-11-13 | N/A | 4.3 MEDIUM |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA ...
Show More |
|||||
| CVE-2024-10816 | 2024-11-13 | N/A | 7.5 HIGH | ||
|
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
|
|||||
| CVE-2024-47769 | 1 Idurarapp | 1 Idurar | 2024-11-13 | N/A | 7.5 HIGH |
|
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath locati ...
Show More |
|||||
| CVE-2024-39226 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-11-12 | N/A | 9.8 CRITICAL |
|
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API.
|
|||||
| CVE-2024-51990 | 2024-11-08 | N/A | N/A | ||
|
jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from unknown sources.
|
|||||
| CVE-2024-51998 | 2024-11-08 | N/A | 8.6 HIGH | ||
|
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and `ALLOW_FILE_URI` false or not defined. The check used for URL protocol, `is_safe_url`, allows `file:` as a URL scheme. It later checks if local files are permitted, but one of the preconditions for the check is that the URL starts with `file ...
Show More |
|||||
| CVE-2024-0129 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-08 | N/A | 7.8 HIGH |
|
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.
|
|||||
| CVE-2024-0067 | 2024-11-08 | N/A | 4.3 MEDIUM | ||
|
Marinus Pfund, member of the AXIS OS Bug Bounty Program,
has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device.
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
|
|||||
| CVE-2024-49366 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | N/A | 7.5 HIGH |
|
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.
|
|||||
| CVE-2024-47253 | 1 2n | 1 Access Commander | 2024-11-07 | N/A | 7.2 HIGH |
|
In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.
|
|||||
| CVE-2024-47464 | 2024-11-06 | N/A | 6.8 MEDIUM | ||
|
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote unauthorized access to files.
|
|||||
| CVE-2024-10011 | 1 Buddypress | 1 Buddypress | 2024-11-06 | N/A | 8.1 HIGH |
|
The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windo ...
Show More |
|||||
| CVE-2024-51582 | 1 Thimpress | 1 Wp Hotel Booking | 2024-11-06 | N/A | 8.8 HIGH |
|
Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4.
|
|||||