Total: 5025 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32427 | 1 Printerlogic | 1 Windows Client | 2023-02-10 | N/A | 8.8 HIGH |
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. | |||||
CVE-2022-3560 | 3 Fedoraproject, Pesign Project, Redhat | 3 Fedora, Pesign, Enterprise Linux | 2023-02-10 | N/A | 5.5 MEDIUM |
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | |||||
CVE-2021-36425 | 1 Phpwcms | 1 Phpwcms | 2023-02-09 | N/A | 5.4 MEDIUM |
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | |||||
CVE-2019-3720 | 1 Dell | 1 Emc Openmanage Server Administrator | 2023-02-09 | 4.0 MEDIUM | 4.9 MEDIUM |
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. | |||||
CVE-2016-15023 | 1 Sitefusion | 1 Application Server | 2023-02-08 | N/A | 5.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | |||||
CVE-2023-23136 | 1 Lmxcms | 1 Lmxcms | 2023-02-08 | N/A | 6.5 MEDIUM |
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | |||||
CVE-2023-0593 | 1 Yaffshiv Project | 1 Yaffshiv | 2023-02-08 | N/A | 5.5 MEDIUM |
A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. | |||||
CVE-2023-0592 | 1 Jefferson Project | 1 Jefferson | 2023-02-08 | N/A | 5.5 MEDIUM |
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. | |||||
CVE-2022-46835 | 1 Sailpoint | 1 Identityiq | 2023-02-07 | N/A | 7.5 HIGH |
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | |||||
CVE-2022-47768 | 1 Serinf | 1 Fast Checkin | 2023-02-07 | N/A | 7.5 HIGH |
Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | |||||
CVE-2023-0454 | 1 Orangescrum | 1 Orangescrum | 2023-02-07 | N/A | 8.1 HIGH |
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. | |||||
CVE-2022-25936 | 1 Servst Project | 1 Servst | 2023-02-07 | N/A | 7.5 HIGH |
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | |||||
CVE-2022-39812 | 1 Italtel | 1 Netmatch-s Ci | 2023-02-07 | N/A | 7.5 HIGH |
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. | |||||
CVE-2023-0591 | 1 Ubi Reader Project | 1 Ubi Reader | 2023-02-07 | N/A | 5.5 MEDIUM |
ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5. | |||||
CVE-2022-39059 | 1 Changingtec | 1 Megaservisignadapter | 2023-02-07 | N/A | 7.5 HIGH |
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | |||||
CVE-2022-22731 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-02-06 | N/A | 9.8 CRITICAL |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
CVE-2022-0223 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-02-06 | N/A | 9.8 CRITICAL |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 7.5 HIGH |
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2019-25053 | 1 Sage | 1 Sage Frp 1000 | 2023-02-06 | N/A | 7.5 HIGH |
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. | |||||
CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2023-02-06 | N/A | 7.5 HIGH |
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. |