Total
6518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5804 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-08-04 | 8.1 High |
| Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. | ||||
| CVE-2020-5840 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-08-04 | 7.5 High |
| An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | ||||
| CVE-2020-5788 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 6.5 Medium |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. | ||||
| CVE-2020-5787 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 6.5 Medium |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. | ||||
| CVE-2020-5811 | 1 Umbraco | 1 Umbraco Cms | 2024-08-04 | 6.5 Medium |
| An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | ||||
| CVE-2020-5789 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 6.5 Medium |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | ||||
| CVE-2020-5803 | 1 Marvell | 1 Qconvergeconsole | 2024-08-04 | 8.1 High |
| Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | ||||
| CVE-2020-5764 | 1 Mxplayer | 1 Mx Player | 2024-08-04 | 8.8 High |
| MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. | ||||
| CVE-2020-5834 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-04 | 5.3 Medium |
| Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | ||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2024-08-04 | 7.8 High |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | ||||
| CVE-2020-5683 | 1 Weseek | 1 Growi | 2024-08-04 | 7.5 High |
| Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file. | ||||
| CVE-2020-5744 | 1 Tecnick | 1 Tcexam | 2024-08-04 | 4.9 Medium |
| Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | ||||
| CVE-2020-5720 | 1 Mikrotik | 1 Winbox | 2024-08-04 | 5.9 Medium |
| MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. | ||||
| CVE-2020-5639 | 1 Soliton | 1 Filezen | 2024-08-04 | 9.8 Critical |
| Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed. | ||||
| CVE-2020-5581 | 1 Cybozu | 1 Garoon | 2024-08-04 | 6.5 Medium |
| Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5554 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-08-04 | 9.1 Critical |
| Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. | ||||
| CVE-2020-5609 | 1 Yokogawa | 8 B\/m9000cs, B\/m9000cs Firmware, B\/m9000vp and 5 more | 2024-08-04 | 9.8 Critical |
| Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. | ||||
| CVE-2020-5588 | 1 Cybozu | 1 Garoon | 2024-08-04 | 4.9 Medium |
| Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | ||||
| CVE-2020-5605 | 1 Buffalo | 2 Airstation Whr-g54s, Airstation Whr-g54s Firmware | 2024-08-04 | 4.3 Medium |
| Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | ||||
| CVE-2020-5614 | 1 Kujirahand | 1 Konawiki | 2024-08-04 | 5.3 Medium |
| Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||