Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
06.03.2024
Jaggar Henry
Low
WordPress User Meta Lite / Pro 2.4.3 Path Traversal
31.05.2022
Julien Ahrens
Med.
SAP Solution Manager 7.2 File Disclosure / Denial Of Service
15.06.2021
Pablo Artuso
Med.
WordPress 5.1.1 Liberator Themes Arbitrary File Download
18.03.2019
KingSkrupellos
Med.
WordPress 5.1.1 Green_Farming_New Themes Arbitrary File Download
18.03.2019
KingSkrupellos
Med.
WordPress 4.8.9 Rowe Themes Arbitrary File Download
18.03.2019
KingSkrupellos
High
D-Link DWR-116 Arbitrary File Download
07.04.2017
Smash_
High
Wordpress Plugin Membership Simplified v1.58 - Arbitrary File Download
16.03.2017
Munir Njiru
Med.
QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
19.08.2016
Sebastian Nerz
High
MiCasaVerde VeraLite 1.5.408 Traversal & Authorization & CSRF & Disclosure
02.08.2013
Daniel Crowley
CVEMAP Search Results
CVE
Details
Description
2024-04-16
CVE-2024-0549
Updating...
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.
2024-04-10
CVE-2024-3025
Updating...
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
2024-03-29
CVE-2024-25944
Updating...
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.
2024-03-18
CVE-2024-27770
Updating...
Unitronics Unistream Unilogic �?? Versions prior to 1.35.227 - CWE-23: Relative Path Traversal
2024-02-28
CVE-2024-0550
Updating...
A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.
2024-02-20
CVE-2023-42791
Updating...
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
2024-02-14
CVE-2024-1485
Updating...
A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope.
2024-02-02
CVE-2021-22281
Updating...
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automation Studio: from 4.0 through 4.12.
2023-12-13
CVE-2023-6722
Updating...
A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files...
2023-10-05
CVE-2023-44386
Updating...
Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.
Copyright
2024
, cxsecurity.com
Back to Top
