Total: 6458 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6190 | 1 Ikcu | 1 University Information Management System | 2024-09-09 | 6.5 Medium |
Improper Input Validation vulnerability in İzmir Katip Çelebi University University Information Management System allows Absolute Path Traversal. This issue affects University Information Management System: before 30.11.2023. | ||||
CVE-2023-7114 | 1 Mattermost | 1 Mattermost | 2024-09-09 | 7.1 High |
Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | ||||
CVE-2024-40712 | 1 Veeam | 1 Backup & Replication | 2024-09-09 | N/A |
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | ||||
CVE-2023-46863 | 1 Peppermint | 1 Peppermint | 2024-09-09 | 7.5 High |
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. | ||||
CVE-2023-46864 | 1 Peppermint | 1 Peppermint | 2024-09-09 | 5.3 Medium |
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. | ||||
CVE-2023-1467 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2024-09-07 | 6.5 Medium |
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability. | ||||
CVE-2024-4885 | 1 Progress | 1 Whatsup Gold | 2024-09-06 | 9.8 Critical |
In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | ||||
CVE-2024-8165 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8163 | 2 Beikeshop, Chengdu Everbrite Network Technology | 2 Beikeshop, Beike Shop | 2024-09-06 | 5.4 Medium |
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-35474 | | | 2024-09-06 | 6.5 Medium |
A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. | ||||
CVE-2024-33274 | | | 2024-09-06 | 7.5 High |
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php | ||||
CVE-2023-47473 | 1 Fuwushe | 1 Ifair | 2024-09-06 | 7.5 High |
Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | ||||
CVE-2024-32005 | | | 2024-09-06 | 8.2 High |
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceGUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result, any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceGUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-41780 | 1 Zte | 2 Zxcloud Irai, Zxcloud Irai Firmware | 2024-09-06 | 6.4 Medium |
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | ||||
CVE-2024-7693 | 2 Raidenmaild, Team Johnlong | 2 Raidenmaild, Raiden Maild Remote Management System | 2024-09-06 | 7.5 High |
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary files on the remote server. | ||||
CVE-2024-45074 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 6.5 Medium |
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
CVE-2024-43248 | 1 Bitapps | 2 Bit Form, Bit Form Pro | 2024-09-06 | 8.6 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation. This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
CVE-2024-34656 | 1 Samsung | 1 Notes | 2024-09-06 | 7.3 High |
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
CVE-2023-34259 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-09-06 | 4.9 Medium |
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. | ||||
CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2024-09-06 | 6.5 Medium |
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. |