Total
6516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10977 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.5 Medium |
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. | ||||
CVE-2020-9353 | 1 Smartclient | 1 Smartclient | 2024-08-04 | 7.5 High |
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | ||||
CVE-2020-10875 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2024-08-04 | 7.5 High |
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. | ||||
CVE-2020-10859 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-04 | 6.5 Medium |
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | ||||
CVE-2020-10794 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2024-08-04 | 9.8 Critical |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. | ||||
CVE-2020-10696 | 2 Buildah Project, Redhat | 5 Buildah, Enterprise Linux, Openshift and 2 more | 2024-08-04 | 8.8 High |
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||||
CVE-2020-10691 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2024-08-04 | 5.2 Medium |
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. | ||||
CVE-2020-10634 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2024-08-04 | 9.1 Critical |
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. | ||||
CVE-2020-10631 | 1 Advantech | 1 Webaccess/nms | 2024-08-04 | 9.8 Critical |
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
CVE-2020-10584 | 1 Invigo | 1 Automatic Device Management | 2024-08-04 | 7.5 High |
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | ||||
CVE-2020-10619 | 1 Advantech | 1 Webaccess/nms | 2024-08-04 | 9.1 Critical |
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
CVE-2020-10564 | 1 Iptanus | 1 Wordpress File Upload | 2024-08-04 | 9.8 Critical |
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | ||||
CVE-2020-10579 | 1 Invigo | 1 Automatic Device Management | 2024-08-04 | 7.5 High |
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | ||||
CVE-2020-10457 | 1 Chadhaajay | 1 Phpkb | 2024-08-04 | 2.7 Low |
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | ||||
CVE-2020-10459 | 1 Chadhaajay | 1 Phpkb | 2024-08-04 | 2.7 Low |
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. | ||||
CVE-2020-10458 | 1 Chadhaajay | 1 Phpkb | 2024-08-04 | 6.5 Medium |
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. | ||||
CVE-2020-10366 | 1 Logicaldoc | 1 Logicaldoc | 2024-08-04 | 7.5 High |
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. | ||||
CVE-2020-10387 | 1 Chadhaajay | 1 Phpkb | 2024-08-04 | 4.9 Medium |
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | ||||
CVE-2020-10086 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | ||||
CVE-2020-10010 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. |