CWE:
 

Risk | Topic | Date | Author
Med. | C-MOR Video Surveillance 5.2401 Path Traversal | 10.09.2024 | Matthias Deeg
Med. | TVT NVMS-1000 Directory Traversal | 03.09.2024 | Dhiraj Mishra
Med. | Cisco ASA Directory Traversal | 01.09.2024 | Shelby Pace
Med. | A10 Networks AX Loadbalancer Directory Traversal | 01.09.2024 | xistence
High | Open WebUI 0.1.105 File Upload / Path Traversal | 12.08.2024 | Jaggar Henry
Med. | Devika v1 Path Traversal via snapshot_path | 04.08.2024 | Alperen Ergel
Med. | Apache OFBiz Forgot Password Directory Traversal | 24.06.2024 | jheysel-r7
Med. | Craft CMS Logs Plugin 3.0.3 Path Traversal (Authenticated) | 02.06.2024 | Steffen Rogge
Med. | Apache OFBiz 18.12.12 Directory Traversal | 20.05.2024 | Abdualhadi Khalifa
Med. | CrushFTP Directory Traversal | 16.05.2024 | Abdualhadi Khalifa
High | OpenClinic GA 5.247.01 Path Traversal (Authenticated) | 15.04.2024 | V. B.
Med. | BioTime Directory Traversal / Remote Code Execution | 01.04.2024 | w3bd3vil
Med. | TYPO3 11.5.24 Path Traversal (Authenticated) | 20.03.2024 | Saeed reza Zamanian
Med. | Automatic-Systems SOC FL9600 FastLine Directory Traversal | 27.02.2024 | Marcin Kozlowski
Med. | TYPO3 11.5.24 Path Traversal | 20.12.2023 | Saeed reza Zamanian
Med. | WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion | 27.10.2023 | Marco Wotschka
Med. | Automatic-Systems SOC FL9600 FastLine - Directory Transversal | 17.10.2023 | Cqure
Med. | Minio 2022-07-29T19-40-48Z Path Traversal | 10.10.2023 | Jenson Zhao
Med. | TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation | 09.09.2023 | The Security Team
Med. | TP-Link TL-WR740N Directory Traversal | 21.07.2023 | Anish Feroz
Med. | Thruk Monitoring Web Interface 3.06 Path Traversal | 10.06.2023 | Galoget Latorre
Med. | CloudPanel 2.2.2 Privilege Escalation / Path Traversal | 07.06.2023 | EagleEye
High | Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI | 06.04.2023 | Kahvi-0
High | Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal | 24.02.2023 | Eric Flokstra
Med. | py7zr 0.20.0 Directory Traversal | 07.12.2022 | Matteo Cosentino
Med. | Drupal H5P Module 2.0.0 Zip Slip Traversal | 05.12.2022 | EgiX
Med. | Payara Platform Path Traversal | 15.11.2022 | Michael Baer
Med. | Carel pCOWeb HVAC BACnet Gateway 2.1.0 Directory Traversal | 12.11.2022 | LiquidWorm
Med. | AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal | 12.11.2022 | Jens Regel
Med. | Webile 1.0.1 Directory Traversal | 17.10.2022 | Vulnerability Laborato...
High | Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion | 20.09.2022 | Chokri Hammedi
Med. | FTPManager 8.2 Local File Inclusion / Directory Traversal | 07.09.2022 | Chokri Hammedi
Med. | Zimbra Zip Path Traversal | 24.08.2022 | Ron Bowes
Med. | CuteEditor For PHP 6.6 Directory Traversal | 08.08.2022 | Stefan Hesselman
High | Zimbra UnRAR Path Traversal | 08.08.2022 | Ron Bowes
Med. | Omnia MPX 1.5.0+r1 Path Traversal | 02.08.2022 | Momen Eldawakhly
Med. | uftpd 2.10 Directory Traversal | 02.08.2022 | Aaron Esau
Med. | Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal | 04.07.2022 | LiquidWorm
Med. | SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal | 22.06.2022 | Yvan Genuer
Med. | SolarView Compact 6.00 Directory Traversal | 04.06.2022 | Ahmed Alroky
Low | WordPress User Meta Lite / Pro 2.4.3 Path Traversal | 31.05.2022 | Julien Ahrens
Med. | Bookeen Notea Directory Traversal | 29.05.2022 | Clement MAILLIOUX
Med. | Barco Control Room Management Suite Directory Traversal | 04.04.2022 | Murat Aydemir
Med. | IdeaRE RefTree Path Traversal | 31.03.2022 | Savino Sisco
Med. | Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal | 30.03.2022 | EgiX
Med. | Xerte 3.10.3 Directory Traversal | 02.03.2022 | Rik Lutz
Med. | Kyocera Command Center RX ECOSYS M2035dn Directory Traversal File Disclosure (Unauthenticated) | 14.02.2022 | Luis Martinez
Med. | Kyocera Command Center RX ECOSYS M2035dn Directory Traversal | 12.02.2022 | Luis Martinez
Med. | Ethercreative Logs 3.0.3 Path Traversal | 26.01.2022 | Steffen Rogge
Med. | CoreFTP Server Build 725 Directory Traversal | 10.01.2022 | LiamInfosec
Med. | Grafana 8.3.0 Directory Traversal / Arbitrary File Read | 09.12.2021 | s1gh
High | Aviatrix Controller 6.x Path Traversal / Code Execution | 11.10.2021 | 0xJoyGhosh
Med. | Apache HTTP Server 2.4.49 Path Traversal | 06.10.2021 | Lucas Souza
Med. | ECOA Building Automation System Directory Traversal | 13.09.2021 | Neurogenesia
Med. | Umbraco CMS 8.9.1 Path traversal and Arbitrary File Write (Authenticated) | 13.09.2021 | BitTheByte
Med. | Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal | 06.09.2021 | Heiko Feldhusen
Med. | OpenSIS 8.0 modname Directory/Path Traversal | 05.09.2021 | Eric Salario
Med. | OpenSIS 8.0 Directory Traversal | 04.09.2021 | Eric Salario
High | KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure | 21.07.2021 | LiquidWorm
Med. | WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 Directory Traversal | 07.07.2021 | TheSmuggler
Med. | Pallets Werkzeug 0.15.4 Path Traversal | 07.07.2021 | faisalfs10x
Med. | OpenEMR 5.0.1.7 fileName Path Traversal (Authenticated) | 29.06.2021 | Ron Jost
Med. | Trixbox 2.8.0.4 Path Traversal | 30.05.2021 | Ron Jost
High | Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal | 25.05.2021 | Emir Polat
Med. | Mini Mouse 9.2.0 Path Traversal | 05.04.2021 | gosh
Med. | WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal | 22.03.2021 | Nicholas Ferreira
Med. | Fluig 1.7.0 Path Traversal | 05.03.2021 | Lucas Souza
Med. | Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal | 27.02.2021 | SQSamir
Med. | orart Remote File Inculsion Vulnerability [ RFI ] | 22.02.2021 | h4shur
Med. | SolarWinds Serv-U FTP Server 15.2.1 Path Traversal | 13.02.2021 | Jack Misiura
Med. | Home Assistant Community Store 1.10.0 Path Traversal | 29.01.2021 | Lyghtnox
High | Selea Targa IP OCR-ANPR Camera Directory Traversal | 22.01.2021 | LiquidWorm
Med. | Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal | 08.01.2021 | SunCSR
Med. | Responsive FileManager 9.13.4 Path Traversal | 05.01.2021 | SunCSR
Med. | WordPress Duplicator 1.3.26 Directory Traversal / File Read | 03.01.2021 | Hoa Nguyen
Med. | Rocket.Chat Path Traversal | 23.12.2020 | Moe Szyslak
Med. | Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal | 15.12.2020 | Freakyclown
Low | Advanced Component System (ACS) 1.0 Path Traversal | 13.12.2020 | Francisco Javier Santi...
Low | Huawei HedEx Lite (DM) Path Traversal | 04.12.2020 | S.AbenMassaoud
High | Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion | 04.12.2020 | LiquidWorm
High | TestBox CFML Test Framework 4.1.0 Directory Traversal | 21.11.2020 | Darren King
Med. | PMB 5.6 Local File Disclosure / Directory Traversal | 16.11.2020 | 41-trk
Med. | SIGE (Joomla) 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities | 13.11.2020 | h4shur
Med. | ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure | 05.11.2020 | LiquidWorm
High | HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal | 19.10.2020 | Alexei Kojenov
Med. | ReQuest Serious Play Media Player 3.0 File Disclosure / Path Traversal | 19.10.2020 | LiquidWorm
Med. | Cisco ASA and FTD 9.6.4.42 Path Traversal | 14.10.2020 | 3ndG4me
High | Garfield Petshop 2020-10-01 Cross Site Request Forgery | 09.10.2020 | Ramdan Yantu
Med. | Karel IP Phone IP1211 Web Management Panel Directory Traversal | 07.10.2020 | Berat Gokberk ISLER
Med. | Ruijie Networks Switch eWeb S29_RGOS 11.4 Directory Traversal | 20.08.2020 | Tuygun
Med. | October CMS <= Build 465 Multiple Vulnerabilities | 03.08.2020 | Sivanesh Ashok
Med. | Files 4 Client Pro - Easy File Transfer v1.2.2 - Path Traversal | 30.07.2020 | Vlad Vector
Med. | Bludit 3.9.2 Directory Traversal | 30.07.2020 | James Green
Med. | Zyxel Armor X1 WAP6806 Directory Traversal | 15.07.2020 | Rajivarnan R
High | ATutor 2.2.4 Directory Traversal / Remote Code Execution | 01.07.2020 | liquidsky
Med. | Zyxel Armor X1 Model:WAP6806 - Directory Traversal | 30.06.2020 | Rajivarnan R
Med. | Cisco AnyConnect Path Traversal / Privilege Escalation | 25.06.2020 | Yorick Koster
Med. | OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal | 18.06.2020 | Raif Berkay Dincel
Med. | MJML 4.6.2 Path Traversal | 17.06.2020 | Julien Ahrens
Med. | Navigate CMS 2.8.7 Authenticated Directory Traversal | 10.06.2020 | Gus Ralph


CVEMAP Search Results

2024-09-18

CVE-2024-46987
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

2024-09-17

CVE-2024-45604
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.

2024-09-15

CVE-2024-8865
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8876
A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.3.2 addresses this issue. It is recommended to upgrade the affected component.

CVE-2024-8875
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

2024-09-12

CVE-2024-8707
A vulnerability was found in Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-8706
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

2024-09-11

CVE-2024-7609
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8.

CVE-2024-8694
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

2024-09-10

CVE-2024-21753
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows an attacker to perform a denial of service, read or write a limited number of files via specially crafted HTTP requests.

 

 


Copyright 2024, cxsecurity.com

 
