High
CVE-2020-36051
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter.
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 36/72 • 8594 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8594 CVEs for this tag (all time). In the last 365 days, 1473 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2021-01-05
High
CVE-2021-21234
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-log…
High
CVE-2021-3019
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
2021-01-04
High
CVE-2020-22550
Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server.
2020-12-30
Medium
CVE-2020-5811
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and e…
2020-12-28
High
CVE-2020-35612
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
2020-12-27
High
CVE-2020-35736
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
2020-12-26
High
CVE-2020-35362
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal…
High
CVE-2020-35284
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation…
2020-12-25
Medium
CVE-2020-35709
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory t…
2020-12-24
Critical
CVE-2020-28187
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to…
Medium
CVE-2020-2504
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
2020-12-23
High
CVE-2020-35598
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
2020-12-18
High
CVE-2020-5803
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.
Critical
CVE-2020-20277
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's…
2020-12-16
High
CVE-2020-25617
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), le…
High
CVE-2020-5683
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2…
2020-12-14
Medium
CVE-2020-35460
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
Critical
CVE-2020-5639
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitr…
2020-12-11
High
CVE-2020-7535
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and M…
2020-12-09
Critical
CVE-2020-26837
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise…
2020-12-03
High
CVE-2020-29529
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed…
2020-12-01
High
CVE-2020-28993
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated at…
2020-11-27
High
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
Critical
CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
Medium
CVE-2019-19877
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against…
2020-11-26
Medium
CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
2020-11-24
High
CVE-2020-4000
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is ab…
Medium
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
2020-11-19
High
CVE-2020-13355
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server.…
2020-11-18
High
CVE-2020-28574
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability a…
2020-11-17
High
CVE-2020-26405
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.…
High
CVE-2020-27553
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to downl…
Critical
CVE-2020-27130
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory travers…
2020-11-12
High
CVE-2020-27385
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root.…
Critical
CVE-2020-12315
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
2020-11-10
Critical
CVE-2020-25074
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve re…
2020-11-09
Medium
CVE-2020-14366
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the f…
2020-11-06
Medium
CVE-2020-27128
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is d…
Critical
CVE-2020-25172
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.
2020-11-02
High
CVE-2020-9368
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.
2020-10-29
High
CVE-2020-25780
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instea…
Medium
CVE-2020-27993
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
2020-10-28
High
CVE-2020-24990
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files vi…
2020-10-21
High
CVE-2020-3550
A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform dire…
2020-10-14
High
CVE-2020-15229
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`,…
2020-10-12
High
CVE-2020-15012
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on dis…
Medium
CVE-2020-9106
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attack…
High
CVE-2020-4776
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a spe…
2020-10-08
Medium
CVE-2020-3597
A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device.…
2020-10-06
Medium
CVE-2020-26603
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung…
Low
CVE-2020-15239
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This…
Medium
CVE-2020-1904
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially craft…
High
CVE-2020-24219
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming f…
2020-10-05
High
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read a…
2020-10-02
Critical
CVE-2020-18191
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
Critical
CVE-2020-18190
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
High
CVE-2020-25623
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
2020-10-01
Medium
CVE-2020-5789
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
Medium
CVE-2020-5788
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.
Medium
CVE-2020-5787
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.
2020-09-30
High
CVE-2020-21527
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through direct…
Critical
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith func…
High
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function…
Critical
CVE-2020-21522
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and…
Medium
CVE-2020-21244
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
2020-09-25
High
CVE-2020-25149
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-25145
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-25144
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-25136
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-25134
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-25133
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted po…
High
CVE-2020-24621
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Lan…
2020-09-23
Critical
CVE-2020-24626
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
High
CVE-2020-24625
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
High
CVE-2020-24624
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.
High
CVE-2020-3143
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authentic…
2020-09-22
High
CVE-2020-14028
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary fil…
2020-09-18
Medium
CVE-2020-5605
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
2020-09-16
Medium
CVE-2020-7268
Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricte…
2020-09-14
High
CVE-2020-25540
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
2020-09-11
High
CVE-2020-25248
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for read…
High
CVE-2020-25247
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.
2020-09-04
High
CVE-2019-20916
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwr…
Medium
CVE-2020-3365
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited…
2020-09-03
High
CVE-2020-25068
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/.…
2020-09-01
High
CVE-2020-7669
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction.
High
CVE-2020-7666
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path travers…
High
CVE-2020-7665
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.
2020-08-31
Critical
CVE-2020-7522
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method…
Critical
CVE-2020-7521
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method…
High
CVE-2020-25032
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathna…
2020-08-30
High
CVE-2020-14352
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote…
2020-08-26
High
CVE-2020-12456
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper renderin…
Medium
CVE-2020-3521
A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.…
High
CVE-2020-3519
A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected devi…
Medium
CVE-2020-3490
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traver…
2020-08-25
Critical
CVE-2020-16245
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availabilit…
High
CVE-2020-17385
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
2020-08-24
High
CVE-2020-7377
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbit…
High
CVE-2020-7376
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to…
High
CVE-2020-7831
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via direct…
Medium
CVE-2020-14367
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when…
Medium
CVE-2020-19877
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain serve…
2020-08-21
Medium
CVE-2020-15858
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be…
High
CVE-2020-24571
NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.
2020-08-19
High
CVE-2020-24368
Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web…
2020-08-14
Low
CVE-2020-15141
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files t…
2020-08-12
High
CVE-2020-8913
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targe…
2020-08-05
Critical
CVE-2020-5609
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.0…
2020-08-03
Low
CVE-2020-16116
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
2020-07-31
High
CVE-2020-16136
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory t…
High
CVE-2020-3383
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vuln…
2020-07-30
Medium
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability thro…
Medium
CVE-2020-8221
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
2020-07-29
Medium
CVE-2020-9689
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
Medium
CVE-2020-5614
Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
2020-07-28
Critical
CVE-2020-5377
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilit…
2020-07-27
High
CVE-2020-15592
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative t…
2020-07-24
High
CVE-2020-15923
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.