CWE:
 

Tytuł
Data
Autor
Med.
Payara Platform Path Traversal
15.11.2022
Michael Baer
Med.
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Directory Traversal
12.11.2022
LiquidWorm
Med.
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
12.11.2022
Jens Regel
Med.
Webile 1.0.1 Directory Traversal
17.10.2022
Vulnerability Laborato...
High
Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion
20.09.2022
Chokri Hammedi
Med.
FTPManager 8.2 Local File Inclusion / Directory Traversal
07.09.2022
Chokri Hammedi
Med.
Zimbra Zip Path Traversal
24.08.2022
Ron Bowes
Med.
CuteEditor For PHP 6.6 Directory Traversal
08.08.2022
Stefan Hesselman
High
Zimbra UnRAR Path Traversal
08.08.2022
Ron Bowes
Med.
Omnia MPX 1.5.0+r1 Path Traversal
02.08.2022
Momen Eldawakhly
Med.
uftpd 2.10 Directory Traversal
02.08.2022
Aaron Esau
Med.
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal
04.07.2022
LiquidWorm
Med.
SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal
22.06.2022
Yvan Genuer
Med.
SolarView Compact 6.00 Directory Traversal
04.06.2022
Ahmed Alroky
Low
WordPress User Meta Lite / Pro 2.4.3 Path Traversal
31.05.2022
Julien Ahrens
Med.
Bookeen Notea Directory Traversal
29.05.2022
Clement MAILLIOUX
Med.
Barco Control Room Management Suite Directory Traversal
04.04.2022
Murat Aydemir
Med.
IdeaRE RefTree Path Traversal
31.03.2022
Savino Sisco
Med.
Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
30.03.2022
EgiX
Med.
Xerte 3.10.3 Directory Traversal
02.03.2022
Rik Lutz
Med.
Kyocera Command Center RX ECOSYS M2035dn Directory Traversal File Disclosure (Unauthenticated)
14.02.2022
Luis Martinez
Med.
Kyocera Command Center RX ECOSYS M2035dn Directory Traversal
12.02.2022
Luis Martinez
Med.
Ethercreative Logs 3.0.3 Path Traversal
26.01.2022
Steffen Rogge
Med.
CoreFTP Server Build 725 Directory Traversal
10.01.2022
LiamInfosec
Med.
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
09.12.2021
s1gh
High
Aviatrix Controller 6.x Path Traversal / Code Execution
11.10.2021
0xJoyGhosh
Med.
Apache HTTP Server 2.4.49 Path Traversal
06.10.2021
Lucas Souza
Med.
ECOA Building Automation System Directory Traversal
13.09.2021
Neurogenesia
Med.
Umbraco CMS 8.9.1 Path traversal and Arbitrary File Write (Authenticated)
13.09.2021
BitTheByte
Med.
Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal
06.09.2021
Heiko Feldhusen
Med.
OpenSIS 8.0 modname Directory/Path Traversal
05.09.2021
Eric Salario
Med.
OpenSIS 8.0 Directory Traversal
04.09.2021
Eric Salario
High
KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
21.07.2021
LiquidWorm
Med.
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 Directory Traversal
07.07.2021
TheSmuggler
Med.
Pallets Werkzeug 0.15.4 Path Traversal
07.07.2021
faisalfs10x
Med.
OpenEMR 5.0.1.7 fileName Path Traversal (Authenticated)
29.06.2021
Ron Jost
Med.
Trixbox 2.8.0.4 Path Traversal
30.05.2021
Ron Jost
High
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
25.05.2021
Emir Polat
Med.
Mini Mouse 9.2.0 Path Traversal
05.04.2021
gosh
Med.
WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal
22.03.2021
Nicholas Ferreira
Med.
Fluig 1.7.0 Path Traversal
05.03.2021
Lucas Souza
Med.
Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal
27.02.2021
SQSamir
Med.
orart Remote File Inculsion Vulnerability [ RFI ]
22.02.2021
h4shur
Med.
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
13.02.2021
Jack Misiura
Med.
Home Assistant Community Store 1.10.0 Path Traversal
29.01.2021
Lyghtnox
High
Selea Targa IP OCR-ANPR Camera Directory Traversal
22.01.2021
LiquidWorm
Med.
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
08.01.2021
SunCSR
Med.
Responsive FileManager 9.13.4 Path Traversal
05.01.2021
SunCSR
Med.
WordPress Duplicator 1.3.26 Directory Traversal / File Read
03.01.2021
Hoa Nguyen
Med.
Rocket.Chat Path Traversal
23.12.2020
Moe Szyslak
Med.
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
15.12.2020
Freakyclown
Low
Advanced Component System (ACS) 1.0 Path Traversal
13.12.2020
Francisco Javier Santi...
Low
Huawei HedEx Lite (DM) Path Traversal
04.12.2020
S.AbenMassaoud
High
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
04.12.2020
LiquidWorm
High
TestBox CFML Test Framework 4.1.0 Directory Traversal
21.11.2020
Darren King
Med.
PMB 5.6 Local File Disclosure / Directory Traversal
16.11.2020
41-trk
Med.
SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities
13.11.2020
h4shur
Med.
ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure
05.11.2020
LiquidWorm
High
HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal
19.10.2020
Alexei Kojenov
Med.
ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal
19.10.2020
LiquidWorm
Med.
Cisco ASA and FTD 9.6.4.42 Path Traversal
14.10.2020
3ndG4me
High
Garfield Petshop 2020-10-01 Cross Site Request Forgery
09.10.2020
Ramdan Yantu
Med.
Karel IP Phone IP1211 Web Management Panel Directory Traversal
07.10.2020
Berat Gokberk ISLER
Med.
Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal
20.08.2020
Tuygun
Med.
October CMS <= Build 465 Multiple Vulnerabilities
03.08.2020
Sivanesh Ashok
Med.
Files 4 Client Pro - Easy File Transfer v1.2.2 - Path Traversal
30.07.2020
Vlad Vector
Med.
Bludit 3.9.2 Directory Traversal
30.07.2020
James Green
Med.
Zyxel Armor X1 WAP6806 Directory Traversal
15.07.2020
Rajivarnan R
High
ATutor 2.2.4 Directory Traversal / Remote Code Execution
01.07.2020
liquidsky
Med.
Zyxel Armor X1 Model:WAP6806 - Directory Traversal
30.06.2020
Rajivarnan R
Med.
Cisco AnyConnect Path Traversal / Privilege Escalation
25.06.2020
Yorick Koster
Med.
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
18.06.2020
Raif Berkay Dincel
Med.
MJML 4.6.2 Path Traversal
17.06.2020
Julien Ahrens
Med.
Navigate CMS 2.8.7 Authenticated Directory Traversal
10.06.2020
Gus Ralph
Med.
photobucket Library Slideshow - Remote File Inclusion
24.05.2020
h4shur
High
ManageEngine DataSecurity Plus Path Traversal / Code Execution
12.05.2020
Sahil Dhar
Med.
Booked Scheduler 2.7.7 Directory Traversal
09.05.2020
Besim Altinok
High
SimplePHPGal 0.7 Remote File Inclusion
06.05.2020
h4shur
Med.
Zen Load Balancer 3.10.1 Directory Traversal (Metasploit)
02.05.2020
Dhiraj Mishra
High
Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload
30.04.2020
Balazs Hambalko
Med.
Easy Transfer 1.7 Cross Site Scripting / Directory Traversal
28.04.2020
Benjamin Kunz Mejri
Med.
Sky File 2.1.0 Cross Site Scripting / Directory Traversal
21.04.2020
Benjamin Kunz Mejri
Low
QRadar Community Edition 7.3.1.6 Path Traversal
21.04.2020
Yorick Koster
Med.
Zen Load Balancer 3.10.1 Directory Traversal
11.04.2020
Basim Alabdullah
Med.
LimeSurvey 4.1.11 File Manager Path Traversal
06.04.2020
Matthew Aberegg, Micha...
Med.
Joomla Fabrik 3.9.11 Directory Traversal
30.03.2020
qw3rTyTy
Med.
Jinfornet Jreport 15.6 Directory Traversal
27.03.2020
hongphukt
Med.
FIBARO System Home Center 5.021 Remote File Inclusion / XSS
24.03.2020
LiquidWorm
Med.
VMware Fusion Local Privilege Escalation / Directory Traversal
21.03.2020
Grimm
Med.
PHPKB Multi-Language 9 Authenticated Directory Traversal
16.03.2020
Antonio Cannito
Med.
Creative Contact Form 4.6.2 Directory Traversal
09.03.2020
Wolfgang Hotwagner
High
Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload
08.03.2020
David Jorm
Med.
Pachev FTP Server 1.0 Path Traversal
23.01.2020
1F98D
Med.
Citrix ADC / Gateway Path Traversal
17.01.2020
Mishra Dhiraj
Med.
Huawei HG255 Directory Traversal
16.01.2020
Ismail Tasdelen
Med.
Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution
15.01.2020
Ramella Sebastien
Med.
piSignage 2.6.4 Directory Traversal
08.01.2020
JunYeong Ko
Med.
Voyager 1.3.0 Directory Traversal
07.01.2020
NgoAnhDuc
Med.
IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal
01.01.2020
Raif Berkay Dincel
Med.
Bullwark Momentum Series JAWS 1.0 Directory Traversal
13.12.2019
Numan Türle


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-12-01
Waiting for details
CVE-2022-2969

Updating...
 

 
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.

 
2022-11-29
Waiting for details
CVE-2022-44635

Updating...
 

 
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

 
2022-11-28
Waiting for details
CVE-2021-25059

Updating...
 

 
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.

 
2022-11-24
Waiting for details
CVE-2022-40977

Updating...
 

 
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').

 
Waiting for details
CVE-2022-40976

Updating...
 

 
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip').

 
2022-11-21
Waiting for details
CVE-2022-3762

Updating...
 

 
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)

 
2022-11-19
Waiting for details
CVE-2022-4065

Updating...
 

 
A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027.

 
2022-11-17
Waiting for details
CVE-2022-41920

Updating...
 

 
Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue.

 
Waiting for details
CVE-2022-3090

Updating...
 

 
Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes.

 
2022-11-15
Waiting for details
CVE-2022-45388

Updating...
 

 
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top