Total
6174 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4931 | 1 Php-fusion | 1 Php-fusion | 2024-05-17 | 10.0 HIGH | N/A |
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party | |||||
CVE-2010-4634 | 1 Osticket | 1 Osticket | 2024-05-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party | |||||
CVE-2010-10011 | 1 Acritum | 1 Femitter Server | 2024-05-17 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability. | |||||
CVE-2008-6878 | 1 Zen Cart | 1 Zen Cart | 2024-05-17 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in admin/includes/languages/english.php in Zen Cart 1.3.8a, 1.3.8, and earlier, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _SESSION[language] parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths." | |||||
CVE-2008-6877 | 1 Zen Cart | 1 Zen Cart | 2024-05-17 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths." | |||||
CVE-2007-5811 | 1 Phpmyconferences | 1 Phpmyconferences | 2024-05-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed | |||||
CVE-2007-5364 | 1 Viart | 1 Shopping Cart | 2024-05-17 | 10.0 HIGH | N/A |
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php | |||||
CVE-2005-10002 | 1 Wp-plugins | 1 Secure Files | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804. | |||||
CVE-2024-3403 | | | 2024-05-16 | N/A | 7.5 HIGH |
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI to retrieve or disclose the contents of any file on the system. This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files. | |||||
CVE-2024-3484 | | | 2024-05-15 | N/A | 5.7 MEDIUM |
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. | |||||
CVE-2024-3318 | | | 2024-05-15 | N/A | 4.2 MEDIUM |
A file path traversal vulnerability was identified in the DelimitedFileConnector Cloud Connector that allowed an authenticated administrator to set arbitrary connector attributes, including the “file” attribute, which in turn allowed the user to access files uploaded for other sources. | |||||
CVE-2020-12103 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-05-14 | 4.0 MEDIUM | 7.7 HIGH |
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. | |||||
CVE-2020-12102 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-05-14 | 6.8 MEDIUM | 7.7 HIGH |
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). | |||||
CVE-2024-27946 | | | 2024-05-14 | N/A | 6.5 MEDIUM |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. | |||||
CVE-2024-34712 | | | 2024-05-14 | N/A | 6.5 MEDIUM |
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library. | |||||
CVE-2024-1630 | | | 2024-05-14 | N/A | 7.7 HIGH |
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component | |||||
CVE-2024-1629 | | | 2024-05-14 | N/A | 6.2 MEDIUM |
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component | |||||
CVE-2024-4701 | | | 2024-05-14 | N/A | 9.9 CRITICAL |
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18 | |||||
CVE-2022-26500 | 1 Veeam | 1 Veeam Backup & Replication | 2024-05-09 | 6.5 MEDIUM | 8.8 HIGH |
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. | |||||
CVE-2024-24908 | | | 2024-05-08 | N/A | 6.5 MEDIUM |
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the server filesystem. |