Total: 6853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-33502 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-01-21 | 6.4 Medium |
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows an attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | ||||
CVE-2021-26102 | 1 Fortinet | 1 Fortiwan | 2025-01-21 | 9.8 Critical |
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value. | ||||
CVE-2024-45652 | 1 Ibm | 1 Maximo Asset Management | 2025-01-21 | 6.5 Medium |
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
CVE-2023-31904 | 1 Savysoda | 1 Wifi Hd Wireless Disk Drive | 2025-01-21 | 7.5 High |
savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion. | ||||
CVE-2023-30199 | 1 Webbax | 1 Customexporter | 2025-01-21 | 7.5 High |
Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | ||||
CVE-2024-49082 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | 6.8 Medium |
Windows File Explorer Information Disclosure Vulnerability | ||||
CVE-2024-25154 | 1 Fortra | 1 Filecatalyst Direct | 2025-01-21 | 5.3 Medium |
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. | ||||
CVE-2023-6825 | 1 Mndpsingh287 | 1 File Manager | 2025-01-21 | 9.9 Critical |
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users. | ||||
CVE-2024-28976 | 1 Dell | 1 Repository Manager | 2025-01-21 | 8.8 High |
Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in the API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application. | ||||
CVE-2024-28977 | 1 Dell | 1 Repository Manager | 2025-01-21 | 3.3 Low |
Dell Repository Manager, versions 3.4.2 through 3.4.4, contains a Path Traversal vulnerability in the logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application. | ||||
CVE-2024-27764 | 1 Jeewms | 1 Jeewms | 2025-01-21 | 9.8 Critical |
An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. | ||||
CVE-2024-22723 | 1 Webtrees | 1 Webtrees | 2025-01-21 | 4.9 Medium |
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system. | ||||
CVE-2024-28222 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-01-21 | 9.8 Critical |
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | ||||
CVE-2025-24019 | | | 2025-01-21 | 7.1 High |
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem's scope. This vulnerability allows any authenticated user to arbitrarily remove content from the Wiki resulting in partial loss of data and defacement/deterioration of the website. In the context of a container installation of YesWiki without any modification, the `yeswiki` files (for example .php) are not owned by the same user (root) as the one running the FPM process (www-data). However in a standard installation, www-data may also be the owner of the PHP files, allowing a malicious user to completely cut the access to the wiki by deleting all important PHP files (like index.php or core files of YesWiki). Version 4.5.0 contains a patch for this issue. | ||||
CVE-2024-3484 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.7 Medium |
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. | ||||
CVE-2010-0481 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-01-21 | 5.5 Medium |
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability." | ||||
CVE-2024-27765 | 1 Jeewms | 1 Jeewms | 2025-01-21 | 7.5 High |
Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component. | ||||
CVE-2009-1936 | 1 Cpcommerce Project | 1 Cpcommerce | 2025-01-21 | 9.8 Critical |
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | ||||
CVE-2020-20012 | 1 Sudytech | 1 Webplus Pro | 2025-01-21 | 9.8 Critical |
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | ||||
CVE-2025-0614 | | | 2025-01-21 | 5.3 Medium |
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted. |