Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24689 | 1 Mojoportal | 1 Mojoportal | 2023-02-16 | N/A | 4.3 MEDIUM |
| An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx | |||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | |||||
| CVE-2021-36471 | 1 Adminlte.io | 1 Adminlte | 2023-02-15 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. | |||||
| CVE-2023-0159 | 1 Wprealize | 1 Extensive Vc Addons For Wpbakery Page Builder | 2023-02-15 | N/A | 7.5 HIGH |
| The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. | |||||
| CVE-2017-9833 | 1 Boa | 1 Boa | 2023-02-14 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. | |||||
| CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2023-02-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | |||||
| CVE-2021-37317 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2023-02-13 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | |||||
| CVE-2018-1047 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2023-02-12 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | |||||
| CVE-2018-14654 | 2 Debian, Redhat | 6 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 3 more | 2023-02-12 | 8.5 HIGH | 6.5 MEDIUM |
| The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | |||||
| CVE-2016-6321 | 1 Gnu | 1 Tar | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | |||||
| CVE-2013-6397 | 1 Apache | 1 Solr | 2023-02-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | |||||
| CVE-2013-0262 | 1 Rack Project | 1 Rack | 2023-02-12 | 4.3 MEDIUM | N/A |
| rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." | |||||
| CVE-2011-2718 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-02-12 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. | |||||
| CVE-2010-0013 | 2 Adium, Pidgin | 2 Adium, Pidgin | 2023-02-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. | |||||
| CVE-2009-3625 | 1 Sahana | 1 Sahana | 2023-02-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2009-5067 | 1 Html2ps Project | 1 Html2ps | 2023-02-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices. | |||||
| CVE-2008-2938 | 1 Apache | 1 Tomcat | 2023-02-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. | |||||
| CVE-2008-5515 | 1 Apache | 1 Tomcat | 2023-02-12 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. | |||||
| CVE-2008-2370 | 1 Apache | 1 Tomcat | 2023-02-12 | 5.0 MEDIUM | N/A |
| Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. | |||||
| CVE-2007-5960 | 1 Mozilla | 2 Firefox, Seamonkey | 2023-02-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | |||||