Filtered by CWE-22
Filtered by vendor Subscriptions
Total 6776 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8163 2 Beikeshop, Chengdu Everbrite Network Technology 2 Beikeshop, Beike Shop 2024-09-07 5.4 Medium
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7693 2 Raidenmaild, Team Johnlong 2 Raidenmaild, Raiden Maild Remote Management System 2024-09-06 7.5 High
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server.
CVE-2024-45074 2 Ibm, Softwareag 2 Webmethods Integration, Webmethods 2024-09-06 6.5 Medium
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-43248 1 Bitapps 2 Bit Form, Bit Form Pro 2024-09-06 8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4.
CVE-2024-34656 1 Samsung 1 Notes 2024-09-06 7.3 High
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
CVE-2024-45443 1 Huawei 2 Emui, Harmonyos 2024-09-06 6.1 Medium
Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2024-34653 1 Samsung 1 Android 2024-09-05 4.6 Medium
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
CVE-2024-43957 1 Wpmart 1 Animated Number Counters 2024-09-05 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9.
CVE-2024-8409 2 Abcd, Abcd-community 2 Abcd2, Abcd 2024-09-05 4.3 Medium
A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-8410 1 Abcd-community 1 Abcd 2024-09-05 4.3 Medium
A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7262 2 Kingsoft, Microsoft 2 Wps Office, Windows 2024-09-05 7.8 High
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
CVE-2024-8104 1 Wpextended 1 Wp Extended 2024-09-05 8.8 High
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2024-7927 1 Zzcms 1 Zzcms 2024-09-04 7.3 High
A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7926 1 Zzcms 1 Zzcms 2024-09-04 7.3 High
A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7744 1 Progress 1 Ws Ftp Server 2024-09-04 6.5 Medium
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
CVE-2024-7782 1 Bitapps 1 Contact Form Builder 2024-09-03 8.7 High
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVE-2024-43955 1 Themeum 1 Droip 2024-08-30 10 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.
CVE-2024-45436 1 Ollama 1 Ollama 2024-08-30 9.1 Critical
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
CVE-2024-43140 2 G5plus, G5theme 2 Ultimate Bootstrap Elements For Elementor, Ultimate Bootstrap Elements For Elementor 2024-08-29 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4.
CVE-2024-42408 1 Dorsettcontrols 1 Infoscan 2024-08-29 5.3 Medium
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.