| Severity | Title | Date | Author |
|---|---|---|---|
| High | Aviatrix Controller 6.x Path Traversal / Code Execution | 11.10.2021 | 0xJoyGhosh |
| Med. | Apache HTTP Server 2.4.49 Path Traversal | 06.10.2021 | Lucas Souza |
| Med. | ECOA Building Automation System Directory Traversal | 13.09.2021 | Neurogenesia |
| Med. | Umbraco CMS 8.9.1 Path Traversal and Arbitrary File Write (Authenticated) | 13.09.2021 | BitTheByte |
| Med. | Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal | 06.09.2021 | Heiko Feldhusen |
| Med. | OpenSIS 8.0 modname Directory/Path Traversal | 05.09.2021 | Eric Salario |
| Med. | OpenSIS 8.0 Directory Traversal | 04.09.2021 | Eric Salario |
| High | KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure | 21.07.2021 | LiquidWorm |
| Med. | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 Directory Traversal | 07.07.2021 | TheSmuggler |
| Med. | Pallets Werkzeug 0.15.4 Path Traversal | 07.07.2021 | faisalfs10x |
| Med. | OpenEMR 5.0.1.7 fileName Path Traversal (Authenticated) | 29.06.2021 | Ron Jost |
| Med. | Trixbox 2.8.0.4 Path Traversal | 30.05.2021 | Ron Jost |
| High | Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal | 25.05.2021 | Emir Polat |
| Med. | Mini Mouse 9.2.0 Path Traversal | 05.04.2021 | gosh |
| Med. | WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal | 22.03.2021 | Nicholas Ferreira |
| Med. | Fluig 1.7.0 Path Traversal | 05.03.2021 | Lucas Souza |
| Med. | Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal | 27.02.2021 | SQSamir |
| Med. | orart Remote File Inclusion Vulnerability [ RFI ] | 22.02.2021 | h4shur |
| Med. | SolarWinds Serv-U FTP Server 15.2.1 Path Traversal | 13.02.2021 | Jack Misiura |
| Med. | Home Assistant Community Store 1.10.0 Path Traversal | 29.01.2021 | Lyghtnox |
| High | Selea Targa IP OCR-ANPR Camera Directory Traversal | 22.01.2021 | LiquidWorm |
| Med. | Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal | 08.01.2021 | SunCSR |
| Med. | Responsive FileManager 9.13.4 Path Traversal | 05.01.2021 | SunCSR |
| Med. | WordPress Duplicator 1.3.26 Directory Traversal / File Read | 03.01.2021 | Hoa Nguyen |
| Med. | Rocket.Chat Path Traversal | 23.12.2020 | Moe Szyslak |
| Med. | Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal | 15.12.2020 | Freakyclown |
| Low | Advanced Component System (ACS) 1.0 Path Traversal | 13.12.2020 | Francisco Javier Santi... |
| Low | Huawei HedEx Lite (DM) Path Traversal | 04.12.2020 | S.AbenMassaoud |
| High | Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion | 04.12.2020 | LiquidWorm |
| High | TestBox CFML Test Framework 4.1.0 Directory Traversal | 21.11.2020 | Darren King |
| Med. | PMB 5.6 Local File Disclosure / Directory Traversal | 16.11.2020 | 41-trk |
| Med. | SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities | 13.11.2020 | h4shur |
| Med. | ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure | 05.11.2020 | LiquidWorm |
| High | HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal | 19.10.2020 | Alexei Kojenov |
| Med. | ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal | 19.10.2020 | LiquidWorm |
| Med. | Cisco ASA and FTD 9.6.4.42 Path Traversal | 14.10.2020 | 3ndG4me |
| High | Garfield Petshop 2020-10-01 Cross Site Request Forgery | 09.10.2020 | Ramdan Yantu |
| Med. | Karel IP Phone IP1211 Web Management Panel Directory Traversal | 07.10.2020 | Berat Gokberk ISLER |
| Med. | Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal | 20.08.2020 | Tuygun |
| Med. | October CMS <= Build 465 Multiple Vulnerabilities | 03.08.2020 | Sivanesh Ashok |
| Med. | Files 4 Client Pro - Easy File Transfer v1.2.2 - Path Traversal | 30.07.2020 | Vlad Vector |
| Med. | Bludit 3.9.2 Directory Traversal | 30.07.2020 | James Green |
| Med. | Zyxel Armor X1 WAP6806 Directory Traversal | 15.07.2020 | Rajivarnan R |
| High | ATutor 2.2.4 Directory Traversal / Remote Code Execution | 01.07.2020 | liquidsky |
| Med. | Zyxel Armor X1 Model:WAP6806 - Directory Traversal | 30.06.2020 | Rajivarnan R |
| Med. | Cisco AnyConnect Path Traversal / Privilege Escalation | 25.06.2020 | Yorick Koster |
| Med. | OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal | 18.06.2020 | Raif Berkay Dincel |
| Med. | MJML 4.6.2 Path Traversal | 17.06.2020 | Julien Ahrens |
| Med. | Navigate CMS 2.8.7 Authenticated Directory Traversal | 10.06.2020 | Gus Ralph |
| Med. | photobucket Library Slideshow - Remote File Inclusion | 24.05.2020 | h4shur |
| High | ManageEngine DataSecurity Plus Path Traversal / Code Execution | 12.05.2020 | Sahil Dhar |
| Med. | Booked Scheduler 2.7.7 Directory Traversal | 09.05.2020 | Besim Altinok |
| High | SimplePHPGal 0.7 Remote File Inclusion | 06.05.2020 | h4shur |
| Med. | Zen Load Balancer 3.10.1 Directory Traversal (Metasploit) | 02.05.2020 | Dhiraj Mishra |
| High | Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload | 30.04.2020 | Balazs Hambalko |
| Med. | Easy Transfer 1.7 Cross Site Scripting / Directory Traversal | 28.04.2020 | Benjamin Kunz Mejri |
| Med. | Sky File 2.1.0 Cross Site Scripting / Directory Traversal | 21.04.2020 | Benjamin Kunz Mejri |
| Low | QRadar Community Edition 7.3.1.6 Path Traversal | 21.04.2020 | Yorick Koster |
| Med. | Zen Load Balancer 3.10.1 Directory Traversal | 11.04.2020 | Basim Alabdullah |
| Med. | LimeSurvey 4.1.11 File Manager Path Traversal | 06.04.2020 | Matthew Aberegg, Micha... |
| Med. | Joomla Fabrik 3.9.11 Directory Traversal | 30.03.2020 | qw3rTyTy |
| Med. | Jinfornet Jreport 15.6 Directory Traversal | 27.03.2020 | hongphukt |
| Med. | FIBARO System Home Center 5.021 Remote File Inclusion / XSS | 24.03.2020 | LiquidWorm |
| Med. | VMware Fusion Local Privilege Escalation / Directory Traversal | 21.03.2020 | Grimm |
| Med. | PHPKB Multi-Language 9 Authenticated Directory Traversal | 16.03.2020 | Antonio Cannito |
| Med. | Creative Contact Form 4.6.2 Directory Traversal | 09.03.2020 | Wolfgang Hotwagner |
| High | Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload | 08.03.2020 | David Jorm |
| Med. | Pachev FTP Server 1.0 Path Traversal | 23.01.2020 | 1F98D |
| Med. | Citrix ADC / Gateway Path Traversal | 17.01.2020 | Mishra Dhiraj |
| Med. | Huawei HG255 Directory Traversal | 16.01.2020 | Ismail Tasdelen |
| Med. | Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution | 15.01.2020 | Ramella Sebastien |
| Med. | piSignage 2.6.4 Directory Traversal | 08.01.2020 | JunYeong Ko |
| Med. | Voyager 1.3.0 Directory Traversal | 07.01.2020 | NgoAnhDuc |
| Med. | IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal | 01.01.2020 | Raif Berkay Dincel |
| Med. | Bullwark Momentum Series JAWS 1.0 Directory Traversal | 13.12.2019 | Numan Türle |
| High | Bludit Directory Traversal Image File Upload (Metasploit) | 04.12.2019 | Anonymous |
| Med. | SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass | 03.12.2019 | W. Schober |
| Med. | Crystal Live HTTP Server 6.01 Directory Traversal | 19.11.2019 | numan turle |
| Med. | Lexmark Services Monitor 2.27.4.0.39 Directory Traversal | 19.11.2019 | Kevin Randall |
| Med. | gSOAP 2.8 Directory Traversal | 14.11.2019 | numan turle |
| High | Bludit Directory Traversal Image File Upload | 13.11.2019 | sinn3r |
| Med. | Jira Service Desk Server / Data Center Path Traversal | 10.11.2019 | Atlassian |
| High | Nostromo Directory Traversal Remote Command Execution (Metasploit) | 04.11.2019 | Quentin Kaiser |
| High | Nostromo 1.9.6 Directory Traversal / Remote Command Execution | 01.11.2019 | Quentin Kaiser |
| Med. | WordPress Arforms 3.7.1 Directory Traversal | 27.10.2019 | Ahmad Almorabea |
| High | Generic Zip Slip Traversal | 12.09.2019 | sinn3r |
| Med. | Tibco JasperSoft Path Traversal | 10.09.2019 | Elar Lang |
| Med. | Totaljs CMS 12.0 Path Traversal | 05.09.2019 | Riccardo Krauter |
| Med. | Nimble Streamer 3.0.2-2 < 3.5.4-9 Directory Traversal | 23.08.2019 | MAYASEVEN |
| High | Cisco Adaptive Security Appliance Path Traversal (Metasploit) | 13.08.2019 | Anonymous |
| High | Veritas Resiliency Platform (VRP) Traversal / Command Execution | 01.08.2019 | David Dillard |
| Med. | Sahi Pro 8.x Directory Traversal | 12.07.2019 | Alexander Bluestein |
| Med. | GrandNode 4.40 Path Traversal / File Download | 25.06.2019 | Corey Robinson |
| Med. | ABB IDAL FTP Server Path Traversal | 25.06.2019 | Eldar Marcussen |
| Med. | Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal | 20.06.2019 | mr_me |
| Med. | Sahi Pro 7.x / 8.x Directory Traversal | 19.06.2019 | Goutham Madhwaraj |
| Med. | BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution | 19.06.2019 | Aaron Bishop |
| High | Supra Smart Cloud TV Remote File Inclusion | 06.06.2019 | Mishra Dhiraj |
| Med. | Typora 0.9.9.24.6 Directory Traversal | 29.05.2019 | Mishra Dhiraj |
| Med. | Moodle Jmol Filter 6.1 Directory Traversal / Cross-Site Scripting | 21.05.2019 | Dionach Ltd |
Common Weakness Enumeration (CWE)

Each entry lists the CVE, its publication date, the details recorded by the site (severity, vendor, software) and the description.

CVE-2021-42542 (2021-10-22)
Details: not yet available.
Description: The affected product is vulnerable to directory traversal due to mishandling of the provided backup folder structure.

CVE-2021-41127 (2021-10-21)
Details: not yet available.
Description: Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file, which allows a malicious actor to craft a `model.tar.gz` file that can overwrite or replace bot files in the bot directory. The vulnerability is fixed in Rasa 2.8.10. Users unable to update should ensure that users do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.

CVE-2021-41149 (2021-10-19)
Details: not yet available.
Description: Tough provides a set of Rust libraries and tools for using and generating The Update Framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds for this issue are known.

CVE-2021-41131 (2021-10-19)
Details: Severity High; Vendor: Linuxfoundation; Software: The update f...
Description: python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`) there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename and may contain path traversal characters (i.e. `../../name.json`). The impact is mitigated by a few facts: it only affects implementations that allow arbitrary rolename selection for delegated targets metadata; the attack requires the ability to (A) insert new metadata for the path-traversing role and (B) get the role delegated by an existing targets metadata; the written file content is heavily restricted since it needs to be a valid, signed targets file; and the file extension is always `.json`. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable; neither of these approaches is possible without modifying python-tuf.

CVE-2021-41152 (2021-10-18)
Details: Severity Low; Vendor: Frentix; Software: Openolat
Description: OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication (an LMS, a learning management system). In affected versions, by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside it, depending on the configuration of the system and the permissions of the application server user. The attack requires an OpenOlat user account, or the enabled guest user feature, together with the use of the folder component in a course. The attack does not allow writing of arbitrary files; it allows only reading of files, and only of files whose exact path the attacker knows, which is very unlikely at least for OpenOlat data files. The problem is fixed in versions 15.5.8 and 16.0.1. It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem; an upgrade is necessary.

CVE-2021-41151 (2021-10-18)
Details: Severity Low; Vendor: Linuxfoundation; Software: Backstage
Description: Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed, the sensitive files are included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`.

CVE-2021-40724 (2021-10-15)
Details: Severity Medium; vendor and software not yet available.
Description: Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-40988 (2021-10-15)
Details: Severity High; Vendor: Arubanetworks; Software: Clearpass po...
Description: A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-3874 (2021-10-15)
Details: Severity Low; Vendor: Bookstackapp; Software: Bookstack
Description: BookStack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

CVE-2021-33178 (2021-10-14)
Details: Severity High; Vendor: Nagios; Software: Nagios xi
Description: The Manage Backgrounds functionality within NagVis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

Copyright 2021, cxsecurity.com