Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46864 | 1 Peppermint | 1 Peppermint | 2023-11-07 | N/A | 5.3 MEDIUM |
| Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. | |||||
| CVE-2023-46863 | 1 Peppermint | 1 Peppermint | 2023-11-07 | N/A | 7.5 HIGH |
| Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. | |||||
| CVE-2023-27170 | 1 Xpand-it | 1 Write-back Manager | 2023-11-07 | N/A | 7.5 HIGH |
| Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | |||||
| CVE-2018-16739 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2023-11-07 | N/A | 8.8 HIGH |
| An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. | |||||
| CVE-2023-5414 | 1 Icegram | 1 Icegram Express | 2023-11-07 | N/A | 7.2 HIGH |
| The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | |||||
| CVE-2023-4274 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2023-11-07 | N/A | 6.5 MEDIUM |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments. | |||||
| CVE-2023-44256 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2023-11-07 | N/A | 6.5 MEDIUM |
| A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. | |||||
| CVE-2023-41682 | 1 Fortinet | 1 Fortisandbox | 2023-11-07 | N/A | 7.5 HIGH |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | |||||
| CVE-2023-3813 | 1 Artbees | 1 Jupiter X Core | 2023-11-07 | N/A | 7.5 HIGH |
| The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. | |||||
| CVE-2023-37739 | 1 I-doit | 1 I-doit | 2023-11-07 | N/A | 6.5 MEDIUM |
| i-doit Pro v25 and below was discovered to be vulnerable to path traversal. | |||||
| CVE-2023-30967 | 1 Palantir | 1 Orbital Simulator | 2023-11-07 | N/A | 7.5 HIGH |
| Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | |||||
| CVE-2023-30945 | 1 Palantir | 3 Clips2, Video Clip Distributor, Video History Service | 2023-11-07 | N/A | 9.8 CRITICAL |
| Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. | |||||
| CVE-2023-30678 | 2 Google, Samsung | 2 Android, Calendar | 2023-11-07 | N/A | 5.5 MEDIUM |
| Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. | |||||
| CVE-2023-2745 | 1 Wordpress | 1 Wordpress | 2023-11-07 | N/A | 5.4 MEDIUM |
| WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. | |||||
| CVE-2023-2435 | 1 Blog-in-blog Project | 1 Blog-in-blog | 2023-11-07 | N/A | 7.2 HIGH |
| The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2023-28732 | 1 Acymailing | 1 Acymailing | 2023-11-07 | N/A | 7.5 HIGH |
| Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0. | |||||
| CVE-2023-28371 | 1 Stellarium | 1 Stellarium | 2023-11-07 | N/A | 9.8 CRITICAL |
| In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. | |||||
| CVE-2023-27993 | 1 Fortinet | 1 Fortiadc | 2023-11-07 | N/A | 7.1 HIGH |
| A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | |||||
| CVE-2023-27856 | 1 Rockwellautomation | 1 Thinmanager | 2023-11-07 | N/A | 7.5 HIGH |
| In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed. | |||||
| CVE-2023-27855 | 1 Rockwellautomation | 1 Thinmanager | 2023-11-07 | N/A | 9.8 CRITICAL |
| In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. | |||||