Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14766 | 1 Dimo-crm | 1 Yellowbox Crm | 2020-01-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | |||||
| CVE-2019-9195 | 1 Grin | 1 Grin | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | |||||
| CVE-2019-15855 | 1 Maarch | 1 Maarch Rm | 2020-01-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. | |||||
| CVE-2013-1597 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. | |||||
| CVE-2015-9275 | 1 Arc Project | 1 Arc | 2020-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| ARC 5.21q allows directory traversal via a full pathname in an archive file. | |||||
| CVE-2020-7211 | 3 Libslirp Project, Microsoft, Qemu | 3 Libslirp, Windows, Qemu | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | |||||
| CVE-2019-19834 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-23 | 6.5 MEDIUM | 7.2 HIGH |
| Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | |||||
| CVE-2016-8211 | 1 Dell | 1 Emc Data Protection Advisor | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2015-5952 | 1 Thomsonreuters | 1 Fatca | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter. | |||||
| CVE-2016-8204 | 1 Broadcom | 1 Brocade Network Advisor | 2020-01-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | |||||
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2020-01-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader. | |||||
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2020-01-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | |||||
| CVE-2019-11994 | 1 Hp | 16 Simplivity 2600 Gen10, Simplivity 2600 Gen10 Firmware, Simplivity 380 Gen10 and 13 more | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API that is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier, HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customers should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | |||||
| CVE-2013-6225 | 1 Livezilla | 1 Livezilla | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability. | |||||
| CVE-2015-6591 | 1 Freereprintables | 1 Articlefr | 2020-01-16 | 2.1 LOW | 5.5 MEDIUM |
| Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | |||||
| CVE-2019-17180 | 2 Microsoft, Valvesoftware | 2 Windows, Steam Client | 2020-01-16 | 7.2 HIGH | 7.8 HIGH |
| Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact. | |||||
| CVE-2017-17309 | 1 Huawei | 2 Hg255s-10, Hg255s-10 Firmware | 2020-01-15 | 7.8 HIGH | 7.5 HIGH |
| Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests; a remote attacker may access the local files on the device without authentication. | |||||
| CVE-2020-5840 | 1 Hashbrowncms | 1 Hashbrown Cms | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | |||||
| CVE-2019-20354 | 1 Pisignage | 1 Pisignage | 2020-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download. | |||||
| CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | |||||
