Total: 6432 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-33165 | 1 Ibm | 1 Security Directory Integrator | 2024-09-17 | 6.8 Medium |
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | ||||
CVE-2023-43121 | 1 Extremenetworks | 1 Exos | 2024-09-17 | 7.5 High |
A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. | ||||
CVE-2024-38878 | 1 Siemens | 1 Omnivise T3000 Application Server | 2024-09-17 | 7.2 High |
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. | ||||
CVE-2024-6791 | 1 Ni | 1 Veristand | 2024-09-17 | 7.8 High |
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | ||||
CVE-2021-26725 | 1 Nozominetworks | 2 Central Management Control, Guardian | 2024-09-17 | 7.2 High |
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | ||||
CVE-2023-46122 | 1 Scala-sbt | 2 Io, Sbt | 2024-09-17 | 3.9 Low |
sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary files. This would have the potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in the `pullRemoteCache` task and `Resolvers.remote`; however, many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. | ||||
CVE-2023-37532 | 1 Hcltech | 1 Commerce | 2024-09-17 | 5.8 Medium |
HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | ||||
CVE-2022-38484 | 1 Agevolt | 1 Agevolt | 2024-09-17 | 8.8 High |
An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | ||||
CVE-2022-38485 | 1 Agevolt | 1 Agevolt | 2024-09-17 | 6.5 Medium |
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | ||||
CVE-2023-42488 | 1 Busbaer | 1 Eisbaer Scada | 2024-09-17 | 7.5 High |
EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
CVE-2023-45855 | 1 Qdpm | 1 Qdpm | 2024-09-17 | 7.5 High |
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | ||||
CVE-2024-8865 | 2 Composio, Composiohq | 2 Composio, Composio | 2024-09-17 | 3.5 Low |
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2018-1000647 | 1 Librehealth | 1 Librehealth Ehr | 2024-09-17 | N/A |
LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appears to be exploitable via a User controlled parameter. | ||||
CVE-2019-5624 | 1 Rapid7 | 1 Metasploit | 2024-09-17 | 7.3 High |
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions. | ||||
CVE-2018-8041 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2024-09-17 | N/A |
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. | ||||
CVE-2020-3252 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-09-17 | 6.5 Medium |
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2018-9445 | 1 Google | 1 Android | 2024-09-17 | N/A |
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | ||||
CVE-2016-10561 | 1 Bitty Project | 1 Bitty | 2024-09-17 | N/A |
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. | ||||
CVE-2011-2653 | 1 Novell | 1 Zenworks Asset Management | 2024-09-17 | N/A |
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. | ||||
CVE-2018-0426 | 1 Cisco | 6 Rv110w Firmware, Rv110w Wireless-n Vpn Firewall, Rv130w and 3 more | 2024-09-17 | N/A |
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. |