Total: 6050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0966 | 1 Cisco | 1 Ciscoworks Common Services | 2024-02-14 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. | |||||
| CVE-2018-18713 | 1 Phpyun | 1 Phpyun | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | |||||
| CVE-2008-7064 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2024-02-14 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file. | |||||
| CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-02-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | |||||
| CVE-2009-1730 | 1 Netmechanica | 1 Netdecision Tftp Server | 2024-02-14 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command. | |||||
| CVE-2019-16123 | 1 Kartatopia | 1 Piluscart | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | |||||
| CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | |||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | |||||
| CVE-2017-12637 | 1 Sap | 1 Netweaver Application Server Java | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. | |||||
| CVE-2009-0325 | 1 Ninjadesigns | 1 Ninja Blog | 2024-02-14 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
| CVE-2011-0049 | 1 Mj2 | 1 Majordomo 2 | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. | |||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2024-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | |||||
| CVE-2018-7467 | 1 Axxonsoft | 1 Next | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | |||||
| CVE-2009-2922 | 1 Pixaria | 1 Pixaria Gallery | 2024-02-14 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. | |||||
| CVE-2009-0288 | 1 Windows Tftp Utility | 1 Tftputil | 2024-02-14 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. | |||||
| CVE-2024-23673 | 1 Apache | 1 Sling Servlets Resolver | 2024-02-14 | N/A | 7.5 HIGH |
| Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. | |||||
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-02-13 | N/A | 8.1 HIGH |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
| CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2024-02-13 | N/A | 8.8 HIGH |
| An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | |||||
| CVE-2024-1082 | | | 2024-02-13 | N/A | 6.3 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-0849 | 1 Leanote | 1 Desktop | 2024-02-13 | N/A | 5.5 MEDIUM |
| Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | |||||
