ReportizFlow
Filtered by vendor
Subscriptions
Total
8465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41154 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 6.5 Medium |
| A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary file deletion. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-40734 | 1 Unisharp | 1 Laravel Filemanager | 2024-11-21 | 6.5 Medium |
| UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0. | ||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40701 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 8.1 High |
| A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | ||||
| CVE-2022-40123 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | 6.5 Medium |
| mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. | ||||
| CVE-2022-3389 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 7.5 High |
| Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | ||||
| CVE-2022-39858 | 1 Samsung | 1 Factorycamera | 2024-11-21 | 7.3 High |
| Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. | ||||
| CVE-2022-39838 | 1 Systematicalpha | 2 Systematic Fix Adapter, Systematic Fix Adapter Firmware | 2024-11-21 | 8.6 High |
| Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | ||||
| CVE-2022-39802 | 1 Sap | 1 Manufacturing Execution | 2024-11-21 | 7.5 High |
| SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. | ||||
| CVE-2022-39045 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 8.8 High |
| A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-38794 | 1 Zaver Project | 1 Zaver | 2024-11-21 | 7.5 High |
| Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | ||||
| CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2024-11-21 | 9.1 Critical |
| Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | ||||
| CVE-2022-38614 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-11-21 | 7.5 High |
| An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. | ||||
| CVE-2022-38613 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-11-21 | 6.5 Medium |
| A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | ||||
| CVE-2022-38485 | 1 Agevolt | 1 Agevolt | 2024-11-21 | 6.5 Medium |
| A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | ||||
| CVE-2022-38484 | 1 Agevolt | 1 Agevolt | 2024-11-21 | 8.8 High |
| An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | ||||
| CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2024-11-21 | 8.8 High |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | ||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-11-21 | 8.1 High |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | ||||