Total
6517 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-21522 | 1 Halo | 1 Halo | 2024-08-04 | 9.8 Critical |
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system. | ||||
CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-08-04 | 9.8 Critical |
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | ||||
CVE-2020-21526 | 1 Halo | 1 Halo | 2024-08-04 | 9.8 Critical |
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | ||||
CVE-2020-21527 | 1 Halo | 1 Halo | 2024-08-04 | 7.7 High |
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. | ||||
CVE-2020-21525 | 1 Halo | 1 Halo | 2024-08-04 | 7.5 High |
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. | ||||
CVE-2020-21365 | 2 Debian, Wkhtmltopdf | 2 Debian Linux, Wkhtmltopdf | 2024-08-04 | 7.5 High |
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | ||||
CVE-2020-21057 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 8.1 High |
Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | ||||
CVE-2020-21244 | 1 Frontaccounting | 1 Frontaccounting | 2024-08-04 | 4.9 Medium |
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php. | ||||
CVE-2020-21056 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 4.3 Medium |
Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | ||||
CVE-2020-21055 | 1 Fusionpbx | 1 Fusionpbx | 2024-08-04 | 6.5 Medium |
A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | ||||
CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2024-08-04 | 9.1 Critical |
MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | ||||
CVE-2020-20944 | 1 Qibosoft | 1 Qibosoft | 2024-08-04 | 9.1 Critical |
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | ||||
CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2024-08-04 | 9.8 Critical |
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | ||||
CVE-2020-20290 | 1 Yccms | 1 Yccms | 2024-08-04 | 7.5 High |
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability. | ||||
CVE-2020-19877 | 1 Dbhcms Project | 1 Dbhcms | 2024-08-04 | 5.3 Medium |
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
CVE-2020-20012 | 1 Sudytech | 1 Webplus Pro | 2024-08-04 | 9.8 Critical |
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | ||||
CVE-2020-19902 | 1 Wcms | 1 Wcms | 2024-08-04 | 9.8 Critical |
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | ||||
CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2024-08-04 | 7.5 High |
Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | ||||
CVE-2020-19678 | 2 Oisf, Pfsense | 3 Suricata, Pfsense, Suricata Package | 2024-08-04 | 7.5 High |
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. | ||||
CVE-2020-19547 | 1 Popojicms | 1 Popojicms | 2024-08-04 | 6.5 Medium |
Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. |