Total
6520 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45783 | 1 Bookeen | 2 Notea, Notea Firmware | 2024-08-04 | 4.6 Medium |
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. | ||||
CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-08-04 | 7.5 High |
A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | ||||
CVE-2021-45452 | 3 Djangoproject, Fedoraproject, Redhat | 4 Django, Fedora, Satellite and 1 more | 2024-08-04 | 5.3 Medium |
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | ||||
CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2024-08-04 | 7.1 High |
Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. | ||||
CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2024-08-04 | 9.8 Critical |
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | ||||
CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2024-08-04 | 8.8 High |
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. | ||||
CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2024-08-04 | 5.3 Medium |
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | ||||
CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2024-08-04 | 9.1 Critical |
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | ||||
CVE-2021-45010 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-08-04 | 8.8 High |
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | ||||
CVE-2021-45043 | 1 Hd-network Real-time Monitoring System Project | 1 Hd-network Real-time Monitoring System | 2024-08-04 | 7.5 High |
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. | ||||
CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2024-08-04 | 7.5 High |
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | ||||
CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2024-08-04 | 7.5 High |
Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | ||||
CVE-2021-44737 | 1 Lexmark | 467 6500e, 6500e Firmware, B2236 and 464 more | 2024-08-04 | 8.8 High |
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | ||||
CVE-2021-44725 | 1 Knime | 1 Knime Server | 2024-08-04 | 7.5 High |
KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | ||||
CVE-2021-44548 | 2 Apache, Microsoft | 2 Solr, Windows | 2024-08-04 | 9.8 Critical |
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. | ||||
CVE-2021-44665 | 1 Xerte | 1 Xerte | 2024-08-04 | 6.5 Medium |
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php. | ||||
CVE-2021-44674 | 1 Opmantek | 1 Open-audit | 2024-08-04 | 6.5 Medium |
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | ||||
CVE-2021-44664 | 1 Xerte | 1 Xerte | 2024-08-04 | 8.8 High |
An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file though the project interface disguised as a language file to bypasses the upload filters. Attackers can manipulate the files destination by abusing path traversal in the 'mediapath' variable. | ||||
CVE-2021-44519 | 1 Citrix | 1 Xenmobile Server | 2024-08-04 | 8.8 High |
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. | ||||
CVE-2021-44586 | 1 Dst-admin Project | 1 Dst-admin | 2024-08-04 | 7.5 High |
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file download vulnerability that can expose sensitive information. |