Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38346 | 1 Brizy | 1 Brizy-page Builder | 2022-07-05 | 6.5 MEDIUM | 8.8 HIGH |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. | |||||
| CVE-2021-41636 | 1 Melag | 1 Ftp Server | 2022-07-05 | 6.8 MEDIUM | 6.5 MEDIUM |
| MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | |||||
| CVE-2021-32507 | 1 Qsan | 1 Storage Manager | 2022-07-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2022-07-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
| CVE-2022-1518 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2022-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | |||||
| CVE-2022-26960 | 1 Std42 | 1 Elfinder | 2022-06-30 | 5.8 MEDIUM | 9.1 CRITICAL |
| connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | |||||
| CVE-2022-31395 | 1 Algosolutions | 2 8373 Ip Zone Paging Adapter, 8373 Ip Zone Paging Adapter Firmware | 2022-06-30 | 9.0 HIGH | 8.8 HIGH |
| Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. | |||||
| CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2022-06-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | |||||
| CVE-2020-25248 | 1 Hyland | 1 Onbase | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. | |||||
| CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 4.0 MEDIUM | 7.7 HIGH |
| A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-34177 | 1 Jenkins | 1 Pipeline\ | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | |||||
| CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | |||||
| CVE-2022-33995 | 1 Devolutions | 1 Remote Desktop Manager | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | |||||
| CVE-2022-31062 | 1 Glpi-project | 1 Glpi Inventory | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| ### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used. | |||||
| CVE-2022-31372 | 1 Wiris | 1 Mathtype | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. | |||||
| CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | |||||
| CVE-2022-29509 | 1 Tandd | 3 T\&d Server, Thermo Recorder Data Server, Thermo Recorder Data Server Firmware | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | |||||
| CVE-2018-1271 | 2 Oracle, Vmware | 28 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 25 more | 2022-06-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | |||||
| CVE-2022-1657 | 1 Artbees | 2 Jupiter, Jupiterx | 2022-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function. | |||||