Filtered by vendor
Subscriptions
Total
6776 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8163 | 2 Beikeshop, Chengdu Everbrite Network Technology | 2 Beikeshop, Beike Shop | 2024-09-07 | 5.4 Medium |
A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7693 | 2 Raidenmaild, Team Johnlong | 2 Raidenmaild, Raiden Maild Remote Management System | 2024-09-06 | 7.5 High |
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server. | ||||
CVE-2024-45074 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 6.5 Medium |
IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
CVE-2024-43248 | 1 Bitapps | 2 Bit Form, Bit Form Pro | 2024-09-06 | 8.6 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
CVE-2024-34656 | 1 Samsung | 1 Notes | 2024-09-06 | 7.3 High |
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
CVE-2024-45443 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 6.1 Medium |
Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
CVE-2024-34653 | 1 Samsung | 1 Android | 2024-09-05 | 4.6 Medium |
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. | ||||
CVE-2024-43957 | 1 Wpmart | 1 Animated Number Counters | 2024-09-05 | 6.5 Medium |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Number Counters: from n/a through 1.9. | ||||
CVE-2024-8409 | 2 Abcd, Abcd-community | 2 Abcd2, Abcd | 2024-09-05 | 4.3 Medium |
A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8410 | 1 Abcd-community | 1 Abcd | 2024-09-05 | 4.3 Medium |
A vulnerability classified as problematic was found in ABCD ABCD2 up to 2.2.0-beta-1. This vulnerability affects unknown code of the file /abcd/opac/php/otros_sitios.php. The manipulation of the argument sitio leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7262 | 2 Kingsoft, Microsoft | 2 Wps Office, Windows | 2024-09-05 | 7.8 High |
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document | ||||
CVE-2024-8104 | 1 Wpextended | 1 Wp Extended | 2024-09-05 | 8.8 High |
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
CVE-2024-7927 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.3 High |
A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7926 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.3 High |
A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-7744 | 1 Progress | 1 Ws Ftp Server | 2024-09-04 | 6.5 Medium |
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal. An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:) | ||||
CVE-2024-7782 | 1 Bitapps | 1 Contact Form Builder | 2024-09-03 | 8.7 High |
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
CVE-2024-43955 | 1 Themeum | 1 Droip | 2024-08-30 | 10 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. | ||||
CVE-2024-45436 | 1 Ollama | 1 Ollama | 2024-08-30 | 9.1 Critical |
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | ||||
CVE-2024-43140 | 2 G5plus, G5theme | 2 Ultimate Bootstrap Elements For Elementor, Ultimate Bootstrap Elements For Elementor | 2024-08-29 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | ||||
CVE-2024-42408 | 1 Dorsettcontrols | 1 Infoscan | 2024-08-29 | 5.3 Medium |
The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. |