Total
7001 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8694 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-09-12 | 3.8 Low |
| A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42469 | 1 Openhab | 1 Openhab | 2024-09-12 | 9.8 Critical |
| openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time, this vulnerability can allow remote code execution by an attacker. Users should upgrade to version 4.2.1 to receive a patch. | ||||
| CVE-2024-42468 | 1 Openhab | 2 Openhab, Openhab Webui | 2024-09-12 | 5.3 Medium |
| openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | ||||
| CVE-2024-8707 | 1 Yunknet | 1 Yunke Online School System | 2024-09-12 | 4.3 Medium |
| A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument url leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-4556 | 2 Microfocus, Netiq | 2 Netiq Access Manager, Access Manager | 2024-09-12 | 5.7 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | ||||
| CVE-2024-8585 | 1 Learningdigital | 1 Orca Hcm | 2024-09-11 | 6.5 Medium |
| Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. | ||||
| CVE-2024-37728 | 1 Officeweb365 | 1 Officeweb365 | 2024-09-11 | 7.5 High |
| Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface | ||||
| CVE-2024-7323 | 1 Digiwin | 1 Easyflow .net | 2024-09-11 | 6.5 Medium |
| Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality do not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server . | ||||
| CVE-2024-21904 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 5.9 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2023-51366 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 8.7 High |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later | ||||
| CVE-2024-44867 | 1 Phpok | 1 Phpok | 2024-09-10 | 7.5 High |
| phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. | ||||
| CVE-2024-44720 | 1 Seacms | 1 Seacms | 2024-09-09 | 7.5 High |
| SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | ||||
| CVE-2024-40712 | 1 Veeam | 1 Backup \& Replication | 2024-09-09 | N/A |
| A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). | ||||
| CVE-2024-8165 | 1 Beikeshop | 1 Beikeshop | 2024-09-06 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8163 | 2 Beikeshop, Chengdu Everbrite Network Technology | 2 Beikeshop, Beike Shop | 2024-09-06 | 5.4 Medium |
| A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7693 | 2 Raidenmaild, Team Johnlong | 2 Raidenmaild, Raiden Maild Remote Management System | 2024-09-06 | 7.5 High |
| Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server. | ||||
| CVE-2024-45074 | 2 Ibm, Softwareag | 2 Webmethods Integration, Webmethods | 2024-09-06 | 6.5 Medium |
| IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2024-43248 | 1 Bitapps | 2 Bit Form, Bit Form Pro | 2024-09-06 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4. | ||||
| CVE-2024-34656 | 1 Samsung | 1 Notes | 2024-09-06 | 7.3 High |
| Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | ||||
| CVE-2024-45443 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 6.1 Medium |
| Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||