Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2020-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion 2018 update 4 and earlier and ColdFusion 2016 update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
| CVE-2020-15858 | 1 Thalesgroup | 18 Bgs5, Bgs5 Firmware, Ehs5 and 15 more | 2020-09-03 | 3.6 LOW | 6.4 MEDIUM |
| Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04. | |||||
| CVE-2020-15639 | 1 Marvell | 1 Qconvergeconsole | 2020-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10496. | |||||
| CVE-2020-3440 | 1 Cisco | 1 Webex Meetings | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files. | |||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2020-09-02 | 10.0 HIGH | 9.8 CRITICAL |
| The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | |||||
| CVE-2020-7377 | 1 Rapid7 | 1 Metasploit | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | |||||
| CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2020-09-01 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | |||||
| CVE-2020-16245 | 1 Advantech | 1 Iview | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView versions 5.7 and prior are vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
| CVE-2020-15640 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10497. | |||||
| CVE-2020-15641 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10499. | |||||
| CVE-2020-17387 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. | |||||
| CVE-2020-17389 | 1 Marvell | 1 Qconvergeconsole | 2020-08-28 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. | |||||
| CVE-2020-17385 | 1 Cellopoint | 1 Cellos | 2020-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input, which allows an unauthorized user to launch a path traversal attack and access arbitrary files on the system. | |||||
| CVE-2020-24571 | 1 Nexusdb | 1 Nexusdb | 2020-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | |||||
| CVE-2017-5541 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. | |||||
| CVE-2010-2143 | 1 Getsymphony | 1 Symphony | 2020-08-25 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter. | |||||
| CVE-2020-19877 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2019-9960 | 1 Limesurvey | 1 Limesurvey | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | |||||
| CVE-2018-16367 | 1 Qduoj | 1 Onlinejudge | 2020-08-24 | 9.0 HIGH | 9.9 CRITICAL |
| In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that allows a file to be written anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | |||||
| CVE-2019-9854 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | |||||
