Total: 8422 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10953 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | ||||
| CVE-2020-10875 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2024-11-21 | 7.5 High |
| Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. | ||||
| CVE-2020-10859 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 6.5 Medium |
| Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. | ||||
| CVE-2020-10794 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2024-11-21 | 9.8 Critical |
| Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. | ||||
| CVE-2020-10696 | 2 Buildah Project, Redhat | 5 Buildah, Enterprise Linux, Openshift and 2 more | 2024-11-21 | 8.8 High |
| A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||||
| CVE-2020-10691 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2024-11-21 | 5.2 Medium |
| An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file within the system. | ||||
| CVE-2020-10634 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2024-11-21 | 9.1 Critical |
| SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. | ||||
| CVE-2020-10631 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 9.8 Critical |
| An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
| CVE-2020-10619 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 9.1 Critical |
| An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
| CVE-2020-10584 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 High |
| A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | ||||
| CVE-2020-10579 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 High |
| A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | ||||
| CVE-2020-10564 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | ||||
| CVE-2020-10506 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 7.5 High |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. | ||||
| CVE-2020-10459 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 2.7 Low |
| Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. | ||||
| CVE-2020-10458 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 6.5 Medium |
| Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. | ||||
| CVE-2020-10457 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 2.7 Low |
| Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). | ||||
| CVE-2020-10387 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.9 Medium |
| Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | ||||
| CVE-2020-10366 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 7.5 High |
| LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. | ||||
| CVE-2020-10086 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | ||||
| CVE-2020-10014 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 6.3 Medium |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox. | ||||