Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19290 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2021-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed. | |||||
| CVE-2017-15363 | 1 Luracast | 1 Restler | 2021-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. | |||||
| CVE-2010-4931 | 1 Php-fusion | 1 Php-fusion | 2021-04-21 | 10.0 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party. | |||||
| CVE-2017-12637 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. | |||||
| CVE-2021-22190 | 1 Gitlab | 1 Gitlab | 2021-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token. | |||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2021-04-19 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | |||||
| CVE-2021-28209 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | |||||
| CVE-2021-28208 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | |||||
| CVE-2021-28207 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | |||||
| CVE-2021-28206 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | |||||
| CVE-2021-28205 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2021-04-14 | 6.8 MEDIUM | 4.9 MEDIUM |
| The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | |||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2021-04-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | |||||
| CVE-2014-3460 | 1 Microfocus | 2 Sentinel, Sentinel Agent Manager | 2021-04-13 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. | |||||
| CVE-2012-5931 | 1 Microfocus | 1 Privileged User Manager | 2021-04-13 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. | |||||
| CVE-2021-20692 | 1 Eikisoft | 1 Archive Collectively Operation Utility | 2021-04-12 | 5.8 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archive. | |||||
| CVE-2011-1654 | 1 Broadcom | 1 Total Defense | 2021-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx. | |||||
| CVE-2008-2241 | 2 Broadcom, Ca | 4 Brightstor Arcserve Backup, Server Protection Suite, Brightstor Arcserve Backup and 1 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. | |||||
| CVE-2008-4397 | 2 Broadcom, Ca | 5 Arcserve Backup, Business Protection Suite, Server Protection Suite and 2 more | 2021-04-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A. | |||||
| CVE-2021-28172 | 1 Deltaflow Project | 1 Deltaflow | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | |||||
| CVE-2020-13419 | 1 Openiam | 1 Openiam | 2021-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | |||||
