Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26265 | 1 Borg Project | 1 Borg | 2023-03-02 | N/A | 5.3 MEDIUM |
| The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | |||||
| CVE-2022-41216 | 1 Hybridsoftware | 1 Cloudflow | 2023-03-02 | N/A | 8.8 HIGH |
| Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | |||||
| CVE-2023-0947 | 1 Flatpress | 1 Flatpress | 2023-03-02 | N/A | 9.8 CRITICAL |
| Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2023-1002 | 1 Muyucms | 1 Muyucms | 2023-03-02 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735. | |||||
| CVE-2019-10985 | 1 Advantech | 1 Webaccess | 2023-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | |||||
| CVE-2019-1785 | 1 Clamav | 1 Clamav | 2023-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | |||||
| CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2023-03-01 | N/A | 7.5 HIGH |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2018-18809 | 1 Tibco | 4 Jasperreports Library, Jasperreports Server, Jaspersoft and 1 more | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | |||||
| CVE-2019-0887 | 1 Microsoft | 10 Remote Desktop, Windows 10, Windows 11 21h2 and 7 more | 2023-03-01 | 8.5 HIGH | 8.0 HIGH |
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | |||||
| CVE-2020-3187 | 1 Cisco | 26 Adaptive Security Appliance, Asa 5505, Asa 5505 Firmware and 23 more | 2023-03-01 | 7.5 HIGH | 9.1 CRITICAL |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. | |||||
| CVE-2021-30048 | 1 Novel Boutique House-plus Project | 1 Novel Boutique House-plus | 2023-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | |||||
| CVE-2019-13241 | 2 Canonical, Flightcrew Project | 2 Ubuntu Linux, Flightcrew | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
| CVE-2019-1010257 | 1 Article2pdf Project | 1 Article2pdf | 2023-02-28 | 7.5 HIGH | 9.1 CRITICAL |
| An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. | |||||
| CVE-2019-0207 | 1 Apache | 1 Tapestry | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. | |||||
| CVE-2023-23778 | 1 Fortinet | 1 Fortiweb | 2023-02-28 | N/A | 6.5 MEDIUM |
| A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. | |||||
| CVE-2023-23784 | 1 Fortinet | 1 Fortiweb | 2023-02-28 | N/A | 6.5 MEDIUM |
| A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests. | |||||
| CVE-2019-5484 | 1 Bower | 1 Bower | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. | |||||
| CVE-2023-24960 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2023-02-28 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | |||||
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | |||||