Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11439 | 1 Librehealth | 1 Librehealth Ehr | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. | |||||
| CVE-2020-18665 | 1 Webport | 1 Web Port | 2021-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. | |||||
| CVE-2021-33211 | 1 Element-it | 1 Http Commander | 2021-07-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. | |||||
| CVE-2021-22440 | 1 Huawei | 12 Hima-l29c, Hima-l29c Firmware, Laya-al00ep and 9 more | 2021-07-15 | 2.1 LOW | 4.6 MEDIUM |
| There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1). | |||||
| CVE-2021-32746 | 1 Icinga | 1 Icinga | 2021-07-15 | 3.5 LOW | 5.3 MEDIUM |
| Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users. | |||||
| CVE-2021-24013 | 1 Fortinet | 1 Fortimail | 2021-07-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple Path traversal vulnerabilities in the Webmail of FortiMail before 6.4.4 may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. | |||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2021-07-12 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | |||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2021-07-10 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | |||||
| CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | |||||
| CVE-2021-24375 | 1 Stockware | 1 Motor | 2021-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of authentication or validation in motor_load_more, motor_gallery_load_more, motor_quick_view and motor_project_quick_view AJAX handlers of the Motor WordPress theme before 3.1.0 allows an unauthenticated attacker access to arbitrary files in the server file system, and to execute arbitrary php scripts found on the server file system. We found no vulnerability for uploading files with this theme, so any scripts to be executed must already be on the server file system. | |||||
| CVE-2021-28584 | 1 Magento | 1 Magento | 2021-07-06 | 6.5 MEDIUM | 7.2 HIGH |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation. | |||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2021-07-06 | 5.0 MEDIUM | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
| CVE-2021-21102 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-07-06 | 9.3 HIGH | 8.8 HIGH |
| Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21090 | 2 Adobe, Microsoft | 2 Incopy, Windows | 2021-07-06 | 9.3 HIGH | 8.8 HIGH |
| Adobe InCopy version 16.0 (and earlier) is affected by an path traversal vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-23715 | 1 Webport Cms Project | 1 Webport Cms | 2021-07-02 | 5.0 MEDIUM | 8.6 HIGH |
| Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | |||||
| CVE-2021-28588 | 1 Adobe | 1 Robohelp Server | 2021-07-02 | 9.0 HIGH | 8.8 HIGH |
| Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2018-6409 | 1 Machform | 1 Machform | 2021-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | |||||
| CVE-2021-29087 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
| CVE-2011-4675 | 1 Widelands | 1 Widelands | 2021-06-25 | 6.4 MEDIUM | N/A |
| The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932. | |||||
| CVE-2011-1932 | 1 Widelands | 1 Widelands | 2021-06-25 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game. | |||||