ReportizFlow
Filtered by vendor
Subscriptions
Total
9210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7565 | 1 Smartbear | 1 Soapui | 2024-12-19 | 7.8 High |
| SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19060. | ||||
| CVE-2023-41877 | 1 Geoserver | 1 Geoserver | 2024-12-19 | 7.2 High |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters. | ||||
| CVE-2023-34880 | 1 Cmseasy | 1 Cmseasy | 2024-12-18 | 9.8 Critical |
| cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion. | ||||
| CVE-2024-41922 | 1 Veertu | 2 Anka Build, Anka Build Cloud | 2024-12-18 | 7.5 High |
| A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-41163 | 1 Veertu | 2 Anka Build, Anka Build Cloud | 2024-12-18 | 7.5 High |
| A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-18 | 7.5 High |
| jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | ||||
| CVE-2023-42791 | 1 Fortinet | 1 Fortimanager | 2024-12-17 | 8.6 High |
| A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2024-36362 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | 6.5 Medium |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible | ||||
| CVE-2024-12482 | 1 Cjbi | 1 Wetech-cms | 2024-12-13 | 4.3 Medium |
| A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-35844 | 1 Lightdash | 1 Lightdash | 2024-12-12 | 7.5 High |
| packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. | ||||
| CVE-2023-35843 | 1 Nocodb | 1 Nocodb | 2024-12-12 | 7.5 High |
| NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. | ||||
| CVE-2023-35840 | 1 Std42 | 1 Elfinder | 2024-12-12 | 6.5 Medium |
| _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | ||||
| CVE-2023-25186 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-11 | 5.1 Medium |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network. | ||||
| CVE-2023-50955 | 1 Ibm | 1 Infosphere Information Server | 2024-12-10 | 2.4 Low |
| IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. | ||||
| CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | ||||
| CVE-2023-34939 | 1 Onlyoffice | 1 Onlyoffice | 2024-12-06 | 9.8 Critical |
| Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | ||||
| CVE-2023-32608 | 1 Pleasanter | 1 Pleasanter | 2024-12-05 | 6.5 Medium |
| Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | ||||
| CVE-2023-32521 | 1 Trendmicro | 1 Mobile Security | 2024-12-05 | 9.1 Critical |
| A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | ||||
| CVE-2023-30945 | 1 Palantir | 3 Clips2, Video Clip Distributor, Video History Service | 2024-12-05 | 9.8 Critical |
| Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. | ||||
| CVE-2023-3330 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-05 | 4.3 Medium |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product. | ||||