Total: 6516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2024-08-04 | 7.5 High |
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | ||||
CVE-2020-13093 | 1 Ispyconnect | 1 Agent Dvr | 2024-08-04 | 5.3 Medium |
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. | ||||
CVE-2020-12851 | 1 Pydio | 1 Cells | 2024-08-04 | 8.1 High |
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | ||||
CVE-2020-12765 | 1 Solis | 1 Miolo | 2024-08-04 | 5.3 Medium |
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | ||||
CVE-2020-12832 | 1 Simplefilelist | 1 Simple-file-list | 2024-08-04 | 9.8 Critical |
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. | ||||
CVE-2020-12764 | 1 Solis | 1 Gnuteca | 2024-08-04 | 5.3 Medium |
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | ||||
CVE-2020-12827 | 1 Mjml | 1 Mjml | 2024-08-04 | 7.2 High |
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | ||||
CVE-2020-12737 | 1 Maxum | 1 Rumpus | 2024-08-04 | 6.5 Medium |
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | ||||
CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2024-08-04 | 7.5 High |
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | ||||
CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-08-04 | 9.8 Critical |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | ||||
CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2024-08-04 | 5.5 Medium |
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | ||||
CVE-2020-12509 | 1 Badgermeter | 1 Moni::tools | 2024-08-04 | 7.5 High |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | ||||
CVE-2020-12479 | 1 Teampass | 1 Teampass | 2024-08-04 | 8.8 High |
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | ||||
CVE-2020-12448 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | ||||
CVE-2020-12508 | 1 Badgermeter | 1 Moni::tools | 2024-08-04 | 7.5 High |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. | ||||
CVE-2020-12443 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 9.8 Critical |
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. | ||||
CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2024-08-04 | 8.8 High |
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | ||||
CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2024-08-04 | 7.5 High |
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | ||||
CVE-2020-12392 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 5.5 Medium |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | ||||
CVE-2020-12415 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-08-04 | 6.5 Medium |
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. |