Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25842 | 1 Alibabagroup | 1 One-java-agent | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. | |||||
| CVE-2022-28451 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | |||||
| CVE-2022-1166 | 1 Nootheme | 1 Jobmonster | 2022-05-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. | |||||
| CVE-2022-29967 | 1 Glewlwyd Project | 1 Glewlwyd | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | |||||
| CVE-2022-1554 | 1 Clinical-genomics | 1 Scout | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | |||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-43930 | 1 Smartptt | 1 Smartptt Scada | 2022-05-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | |||||
| CVE-2021-26629 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’. | |||||
| CVE-2022-29806 | 1 Zoneminder | 1 Zoneminder | 2022-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | |||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2022-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2022-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | |||||
| CVE-2022-28527 | 1 Dhcms Project | 1 Dhcms | 2022-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | |||||
| CVE-2022-28523 | 1 Hongcms Project | 1 Hongcms | 2022-05-05 | 5.5 MEDIUM | 8.1 HIGH |
| HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | |||||
| CVE-2022-28058 | 1 Verydows | 1 Verydows | 2022-05-04 | 5.5 MEDIUM | 8.1 HIGH |
| Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | |||||
| CVE-2022-28059 | 1 Verydows | 1 Verydows | 2022-05-04 | 5.5 MEDIUM | 8.1 HIGH |
| Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | |||||
| CVE-2021-40680 | 1 Articatech | 1 Web Proxy | 2022-05-04 | 5.5 MEDIUM | 8.1 HIGH |
| There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | |||||
| CVE-2022-1390 | 1 Admin Word Count Column Project | 1 Admin Word Count Column | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on servers running old versions of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. | |||||
| CVE-2022-1392 | 1 Commoninja | 1 Videos Sync Pdf | 2022-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. | |||||
| CVE-2022-24424 | 1 Dell | 1 Emc Appsync | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | |||||
| CVE-2021-37023 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will allow media files to be read and written in non-distributed directories on any device on the network. | |||||
