CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | photobucket Library Slideshow - Remote File Inclusion | 24.05.2020 | h4shur |
| High | ManageEngine DataSecurity Plus Path Traversal / Code Execution | 12.05.2020 | Sahil Dhar |
| Med. | Booked Scheduler 2.7.7 Directory Traversal | 09.05.2020 | Besim Altinok |
| High | SimplePHPGal 0.7 Remote File Inclusion | 06.05.2020 | h4shur |
| Med. | Zen Load Balancer 3.10.1 Directory Traversal (Metasploit) | 02.05.2020 | Dhiraj Mishra |
| High | Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload | 30.04.2020 | Balazs Hambalko |
| Med. | Easy Transfer 1.7 Cross Site Scripting / Directory Traversal | 28.04.2020 | Benjamin Kunz Mejri |
| Med. | Sky File 2.1.0 Cross Site Scripting / Directory Traversal | 21.04.2020 | Benjamin Kunz Mejri |
| Low | QRadar Community Edition 7.3.1.6 Path Traversal | 21.04.2020 | Yorick Koster |
| Med. | Zen Load Balancer 3.10.1 Directory Traversal | 11.04.2020 | Basim Alabdullah |
| Med. | LimeSurvey 4.1.11 File Manager Path Traversal | 06.04.2020 | Matthew Aberegg, Micha... |
| Med. | Joomla Fabrik 3.9.11 Directory Traversal | 30.03.2020 | qw3rTyTy |
| Med. | Jinfornet Jreport 15.6 Directory Traversal | 27.03.2020 | hongphukt |
| Med. | FIBARO System Home Center 5.021 Remote File Inclusion / XSS | 24.03.2020 | LiquidWorm |
| Med. | VMware Fusion Local Privilege Escalation / Directory Traversal | 21.03.2020 | Grimm |
| Med. | PHPKB Multi-Language 9 Authenticated Directory Traversal | 16.03.2020 | Antonio Cannito |
| Med. | Creative Contact Form 4.6.2 Directory Traversal | 09.03.2020 | Wolfgang Hotwagner |
| High | Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload | 08.03.2020 | David Jorm |
| Med. | Pachev FTP Server 1.0 Path Traversal | 23.01.2020 | 1F98D |
| Med. | Citrix ADC / Gateway Path Traversal | 17.01.2020 | Mishra Dhiraj |
| Med. | Huawei HG255 Directory Traversal | 16.01.2020 | Ismail Tasdelen |
| Med. | Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution | 15.01.2020 | Ramella Sebastien |
| Med. | piSignage 2.6.4 Directory Traversal | 08.01.2020 | JunYeong Ko |
| Med. | Voyager 1.3.0 Directory Traversal | 07.01.2020 | NgoAnhDuc |
| Med. | IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal | 01.01.2020 | Raif Berkay Dincel |
| Med. | Bullwark Momentum Series JAWS 1.0 Directory Traversal | 13.12.2019 | Numan Türle |
| High | Bludit Directory Traversal Image File Upload (Metasploit) | 04.12.2019 | Anonymous |
| Med. | SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass | 03.12.2019 | W. Schober |
| Med. | Crystal Live HTTP Server 6.01 Directory Traversal | 19.11.2019 | numan turle |
| Med. | Lexmark Services Monitor 2.27.4.0.39 Directory Traversal | 19.11.2019 | Kevin Randall |
| Med. | gSOAP 2.8 Directory Traversal | 14.11.2019 | numan turle |
| High | Bludit Directory Traversal Image File Upload | 13.11.2019 | sinn3r |
| Med. | Jira Service Desk Server / Data Center Path Traversal | 10.11.2019 | Atlassian |
| High | Nostromo Directory Traversal Remote Command Execution (Metasploit) | 04.11.2019 | Quentin Kaiser |
| High | Nostromo 1.9.6 Directory Traversal / Remote Command Execution | 01.11.2019 | Quentin Kaiser |
| Med. | WordPress Arforms 3.7.1 Directory Traversal | 27.10.2019 | Ahmad Almorabea |
| High | Generic Zip Slip Traversal | 12.09.2019 | sinn3r |
| Med. | Tibco JasperSoft Path Traversal | 10.09.2019 | Elar Lang |
| Med. | Totaljs CMS 12.0 Path Traversal | 05.09.2019 | Riccardo Krauter |
| Med. | Nimble Streamer 3.0.2-2 < 3.5.4-9 Directory Traversal | 23.08.2019 | MAYASEVEN |
| High | Cisco Adaptive Security Appliance Path Traversal (Metasploit) | 13.08.2019 | Anonymous |
| High | Veritas Resiliency Platform (VRP) Traversal / Command Execution | 01.08.2019 | David Dillard |
| Med. | Sahi pro 8.x Directory Traversal | 12.07.2019 | Alexander Bluestein |
| Med. | GrandNode 4.40 Path Traversal / File Download | 25.06.2019 | Corey Robinson |
| Med. | ABB IDAL FTP Server Path Traversal | 25.06.2019 | Eldar Marcussen |
| Med. | Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal | 20.06.2019 | mr_me |
| Med. | Sahi Pro 7.x / 8.x Directory Traversal | 19.06.2019 | Goutham Madhwaraj |
| Med. | BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution | 19.06.2019 | Aaron Bishop |
| High | Supra Smart Cloud TV Remote File Inclusion | 06.06.2019 | Mishra Dhiraj |
| Med. | Typora 0.9.9.24.6 Directory Traversal | 29.05.2019 | Mishra Dhiraj |
| Med. | Moodle Jmol Filter 6.1 Directory Traversal / Cross-Site Scripting | 21.05.2019 | Dionach Ltd |
| Med. | NetNumber Titan ENUM/DNS/NP 7.9.1 Bypass / Traversal | 11.05.2019 | MobileNetworkSecurity |
| Med. | Spring Cloud Config 2.1.x Path Traversal | 01.05.2019 | Mishra Dhiraj |
| Med. | Joomla Core 1.5.0 3.9.4 Directory Traversal / Authenticated Arbitrary File Deletion | 23.04.2019 | Haboob Team |
| High | Oracle Business Intelligence Directory Traversal | 21.04.2019 | Vahagn Vardanyan |
| Med. | Evernote 7.9 Path Traversal / Code Execution | 19.04.2019 | Mishra Dhiraj |
| Med. | Joomla 3.9.4 Arbitrary File Deletion / Directory Traversal | 17.04.2019 | Haboob Team |
| Med. | Titan FTP Server 2019 Build 3505 Directory Traversal | 27.03.2019 | Kevin Randall |
| Med. | CoreFTP Server FTP / SFTP Server 2 Build 674 MDTM Directory Traversal | 13.03.2019 | Kevin Randall |
| Med. | MarcomCentral FusionPro VDP Creator Directory Traversal | 05.03.2019 | 0v3rride |
| Med. | Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation | 22.02.2019 | Leandro Cuozzo |
| High | SureMDM Local / Remote File Inclusion | 02.02.2019 | Digital Interruption |
| Med. | GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal | 17.01.2019 | Pasquale Turi |
| Med. | Aspose.ZIP For .NET Path Traversal | 10.01.2019 | Jaroslav Lobacevski |
| High | Roxy Fileman 1.4.5 File Upload / Directory Traversal | 08.01.2019 | Pongtorn Angsuchotmete... |
| Med. | Transcend Wi-Fi SD Card Cross Site Request Forgery / Traversal | 18.12.2018 | MustLive |
| Low | Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal | 15.12.2018 | farisv |
| Med. | Zyxel VMG1312-B10D 5.13AAXA.8 Directory Traversal | 26.11.2018 | x-hayben21 |
| High | D-Link Plain-Text Password Storage / Code Execution / Directory Traversal | 19.10.2018 | Blazej Adamczyk |
| Med. | Citrix StorageZones Controller Improper Access Restrictions / Traversal | 27.09.2018 | Wolfgang Ettlinger |
| Med. | Rubedo CMS 3.4.0 Directory Traversal | 12.09.2018 | Marouene Boubakri |
| Med. | Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal | 08.09.2018 | Carlos Avila |
| Med. | Argus Surveillance DVR 4.0.0.0 Directory Traversal | 29.08.2018 | hyp3rlinx |
| Med. | PCViewer vt1000 Directory Traversal | 23.08.2018 | Berk Dusunur |
| Med. | Oracle GlassFish Server 4.1 Directory Traversal | 14.08.2018 | Mishra Dhiraj |
| Med. | LG-Ericsson iPECS NMS 30M Directory Traversal | 09.08.2018 | Safak Aslan |
| Med. | CMS ISWEB 3.5.3 Directory Traversal | 06.08.2018 | Thiago Sena |
| Med. | cgit < 1.2.1 cgit_clone_objects() Directory Traversal | 03.08.2018 | Google Security Resear... |
| Med. | GeoVision GV-SNVR0811 Directory Traversal | 25.07.2018 | Berk Dusunur |
| Low | D-link DAP-1360 Path Traversal / Cross-Site Scripting | 25.07.2018 | r3m0t3nu11 |
| Med. | VelotiSmart WiFi B-380 Camera Directory Traversal | 17.07.2018 | Miguel Mendez Z |
| Med. | Dicoogle PACS 2.5.0 Directory Traversal | 12.07.2018 | Carlos Avila |
| Med. | Mirasys DVMS Workstation 5.12.6 Path Traversal | 22.06.2018 | Dick Snel |
| Med. | IPConfigure Orchid VMS 2.0.5 Directory Traversal Information Disclosure | 20.06.2018 | Sanjiv Kawa |
| Med. | Redatam Web Server Directory Traversal | 18.06.2018 | Berk Dusunur |
| High | WordPress Redirection 2.7.3 Remote File Inclusion | 13.06.2018 | Glyn Wintle |
| Med. | TAC Xenta 511/911 Directory Traversal | 31.05.2018 | Marek Cybul |
| High | Cisco SA520W Security Appliance Path Traversal | 19.05.2018 | Nassim Asrir |
| High | ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI | 15.05.2018 | Imre Rad |
| Med. | IceWarp Mail Server < 11.1.1 Directory Traversal | 04.05.2018 | Piotr Karolak |
| Med. | Sitecore.NET 8.1 Directory Traversal | 27.04.2018 | Chris Moberly |
| Med. | Ncomputing vSpace Pro v10 and v11 Directory Traversal PoC | 24.04.2018 | Javier Bernardo |
| Med. | Seagate Media Server Path Traversal | 20.04.2018 | Yorick Koster |
| Med. | TwonkyMedia Server 7.0.11-8.5 Directory Traversal | 29.03.2018 | Sven Fassbender |
| Med. | Acrolinx Server Directory Traversal | 27.03.2018 | Berk Dusunur |
| Med. | Bomgar Remote Support Portal (RSP) Path Traversal | 24.03.2018 | Filip Palian |
| Med. | Advantech WebAccess < 8.3 Directory Traversal / Remote Code Execution | 13.03.2018 | Chris Lyne |
| Med. | Parallels Remote Application Server 15.5 Path Traversal | 04.03.2018 | Nicolas Markitanis |
| Med. | uWSGI < 2.0.17 Directory Traversal | 03.03.2018 | Marios Nicolaides |
| Med. | Sophos XG Firewall 16.05.4 MR-4 Path Traversal | 16.02.2018 | SecuriTeam |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-06-02 | Medium | CVE-2020-13227 | Vendor: Sysax; Software: Multi server | An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. |
| 2020-06-01 | Medium | CVE-2014-7174 | Updating... | FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. |
| | Low | CVE-2014-8939 | Vendor: Piwigo; Software: Lexiglot | Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages. |
| 2020-05-29 | Low | CVE-2020-7652 | Vendor: SYNK; Software: Broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. |
| 2020-05-27 | Low | CVE-2020-10737 | Vendor: Redhat; Software: Oddjob | A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user. |
| 2020-05-21 | Medium | CVE-2020-5752 | Vendor: Druva; Software: Insync client | Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. |
| 2020-05-15 | Medium | CVE-2020-13093 | Vendor: Ispyconnect; Software: Agent dvr | iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. |
| 2020-05-14 | Medium | CVE-2019-17572 | Vendor: Apache; Software: Rocketmq | |
| 2020-05-13 | Medium | CVE-2020-12832 | Vendor: Simplefilelist; Software: Simple-file-list | WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. |
| 2020-05-12 | Medium | CVE-2020-8159 | Vendor: Rubyonrails; Software: Actionpack p... | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. |

 

 


Copyright 2020, cxsecurity.com

 
