Total
7978 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32557 | 3 Microsoft, Trend Micro Inc, Trendmicro | 3 Windows, Trend Micro Apex One, Apex One | 2024-12-04 | 9.8 Critical |
| A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | ||||
| CVE-2020-19902 | 1 Wcms | 1 Wcms | 2024-12-04 | 9.8 Critical |
| Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | ||||
| CVE-2023-3331 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-04 | 5.4 Medium |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product. | ||||
| CVE-2024-11664 | 1 Enms | 1 Enms | 2024-12-04 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-32522 | 1 Trendmicro | 1 Mobile Security | 2024-12-04 | 8.1 High |
| A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-25307 | 1 Mrpack-install Project | 1 Mrpack-install | 2024-12-04 | 7.8 High |
| nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. | ||||
| CVE-2023-25306 | 1 Multimc | 1 Multimc | 2024-12-04 | 7.5 High |
| MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. | ||||
| CVE-2023-35975 | 1 Arubanetworks | 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more | 2024-12-04 | 6.5 Medium |
| An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. | ||||
| CVE-2024-11952 | 1 Webcodingplace | 1 Classic Addons Wp Bakery Page Builder Plugin For Wordpress | 2024-12-04 | 7.5 High |
| The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. | ||||
| CVE-2024-52600 | 1 Statamic | 1 Statamic | 2024-12-03 | 5.3 Medium |
| Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0. | ||||
| CVE-2024-45842 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-12-03 | 5.3 Medium |
| Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. | ||||
| CVE-2023-36301 | 1 Talend | 1 Data Catalog | 2024-12-03 | 7.5 High |
| Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. | ||||
| CVE-2018-0123 | 1 Cisco | 2 Ios, Ios Xe | 2024-12-02 | N/A |
| A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950. | ||||
| CVE-2023-6118 | 1 Neutron | 34 Ipc2224-sr3-npf-36, Ipc2224-sr3-npf-36 Firmware, Ipc2624-sr3-npf-36 and 31 more | 2024-12-02 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal.This issue affects IP Camera: before b1130.1.0.1. | ||||
| CVE-2023-48389 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2024-12-02 | 7.5 High |
| Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2024-46939 | 2024-12-02 | N/A | ||
| The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files | ||||
| CVE-2023-35801 | 1 Safe | 1 Fme Server | 2024-11-29 | 8.1 High |
| A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version. | ||||
| CVE-2018-0258 | 1 Cisco | 2 Prime Data Center Network Manager, Prime Infrastructure | 2024-11-29 | N/A |
| A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | ||||
| CVE-2018-0323 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2024-11-29 | N/A |
| A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631. | ||||
| CVE-2018-0300 | 1 Cisco | 6 Firepower 4110, Firepower 4120, Firepower 4140 and 3 more | 2024-11-29 | N/A |
| A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges. Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit. Cisco Bug IDs: CSCvc21901. | ||||