Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0544 | 2 Ibm, Linux | 2 Websphere Application Server, Linux Kernel | 2022-12-13 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. | |||||
| CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2022-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | |||||
| CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2022-12-13 | 4.3 MEDIUM | 7.5 HIGH |
| Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | |||||
| CVE-2010-1717 | 1 If Surfalert Project | 1 If Surfalert | 2022-12-13 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2022-37060 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2022-12-12 | N/A | 7.5 HIGH |
| FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. | |||||
| CVE-2022-45290 | 1 Kbase Doc Project | 1 Kbase Doc | 2022-12-12 | N/A | 9.1 CRITICAL |
| Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java. | |||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2022-12-12 | N/A | 5.5 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | |||||
| CVE-2020-36565 | 2 Labstack, Microsoft | 2 Echo, Windows | 2022-12-12 | N/A | 5.3 MEDIUM |
| Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | |||||
| CVE-2022-41720 | 2 Golang, Microsoft | 2 Go, Windows | 2022-12-12 | N/A | 7.5 HIGH |
| On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. | |||||
| CVE-2019-4268 | 1 Ibm | 1 Websphere Application Server | 2022-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | |||||
| CVE-2022-44900 | 1 Py7zr Project | 1 Py7zr | 2022-12-09 | N/A | 9.1 CRITICAL |
| A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. | |||||
| CVE-2022-46154 | 1 Kodcloud | 1 Kodexplorer | 2022-12-08 | N/A | 7.5 HIGH |
| Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2022-12-08 | N/A | 8.1 HIGH |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | |||||
| CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2022-12-08 | N/A | 6.5 MEDIUM |
| Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||||
| CVE-2019-4423 | 1 Ibm | 1 Sterling File Gateway | 2022-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. | |||||
| CVE-2022-2969 | 1 Deltaww | 1 Dialink | 2022-12-07 | N/A | 7.5 HIGH |
| Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory. | |||||
| CVE-2020-25247 | 1 Hyland | 1 Onbase | 2022-12-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. | |||||
| CVE-2022-29837 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2022-12-06 | N/A | 7.8 HIGH |
| A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution. | |||||
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | |||||
| CVE-2022-1664 | 2 Debian, Netapp | 3 Debian Linux, Dpkg, Ontap Select Deploy Administration Utility | 2022-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | |||||