Total
6553 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34298 | 2024-08-02 | N/A | ||
| Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687. | ||||
| CVE-2023-34238 | 1 Gatsbyjs | 1 Gatsby | 2024-08-02 | 4.3 Medium |
| Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Gatsby develop server (`gatsby develop`). Any file in scope of the development server could potentially be exposed. It should be noted that by default `gatsby develop` is only accessible via the localhost `127.0.0.1`, and one would need to intentionally expose the server to other interfaces to exploit this vulnerability by using server options such as `--host 0.0.0.0`, `-H 0.0.0.0`, or the `GATSBY_HOST=0.0.0.0` environment variable. A patch has been introduced in `gatsby@5.9.1` and `gatsby@4.25.7` which mitigates the issue. Users are advised to upgrade. Users unable to upgrade should avoid exposing their development server to the internet. | ||||
| CVE-2023-34135 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-08-02 | 6.5 Medium |
| Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34129 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-08-02 | 8.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34125 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-08-02 | 6.5 Medium |
| Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34096 | 1 Thruk | 1 Thruk | 2024-08-02 | 6.5 Medium |
| Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | ||||
| CVE-2023-33989 | 1 Sap | 1 Netweaver Bi Content | 2024-08-02 | 8.7 High |
| An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise. | ||||
| CVE-2023-33747 | 1 Mgt-commerce | 1 Cloudpanel | 2024-08-02 | 7.8 High |
| CloudPanel v2.2.2 allows attackers to execute a path traversal. | ||||
| CVE-2023-33777 | 1 Prestashop | 1 Amazon | 2024-08-02 | 5.3 Medium |
| An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | ||||
| CVE-2023-33690 | 1 Sonicjs | 1 Sonicjs | 2024-08-02 | 6.5 Medium |
| SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | ||||
| CVE-2023-33544 | 1 Hawt | 1 Hawtio | 2024-08-02 | 5.5 Medium |
| hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite. | ||||
| CVE-2023-33524 | 1 Advent | 1 Tamale Rms | 2024-08-02 | 5.3 Medium |
| Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. | ||||
| CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-08-02 | 7.5 High |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | ||||
| CVE-2023-33310 | 2024-08-02 | 6 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. | ||||
| CVE-2023-33277 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-08-02 | 7.5 High |
| The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. | ||||
| CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2024-08-02 | 8.8 High |
| Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | ||||
| CVE-2023-32985 | 1 Jenkins | 1 Sidebar Link | 2024-08-02 | 4.3 Medium |
| Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2023-32767 | 1 Symcon | 1 Ip Symcon | 2024-08-02 | 7.5 High |
| The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | ||||
| CVE-2023-32623 | 1 2inc | 1 Snow Monkey Forms | 2024-08-02 | 9.1 Critical |
| Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. | ||||
| CVE-2023-32608 | 1 Pleasanter | 1 Pleasanter | 2024-08-02 | 6.5 Medium |
| Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | ||||