Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47464 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. | |||||
| CVE-2023-47440 | 1 Gladysassistant | 1 Gladys Assistant | 2024-11-21 | N/A | 6.5 MEDIUM |
| Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | |||||
| CVE-2023-47313 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | N/A | 5.4 MEDIUM |
| Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded. | |||||
| CVE-2023-47283 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A | 4.9 MEDIUM |
| Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | |||||
| CVE-2023-47251 | 1 M-privacy | 2 Mprivacy-tools, Tightgatevnc | 2024-11-21 | N/A | 6.5 MEDIUM |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | |||||
| CVE-2023-47222 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | |||||
| CVE-2023-47221 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | |||||
| CVE-2023-47211 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. | |||||
| CVE-2023-46864 | 1 Peppermint | 1 Peppermint | 2024-11-21 | N/A | 5.3 MEDIUM |
| Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. | |||||
| CVE-2023-46863 | 1 Peppermint | 1 Peppermint | 2024-11-21 | N/A | 7.5 HIGH |
| Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. | |||||
| CVE-2023-46784 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Absolute Path Traversal, : Server Side Request Forgery.This issue affects ICS Calendar: from n/a through 10.12.0.3. | |||||
| CVE-2023-46749 | 1 Apache | 1 Shiro | 2024-11-21 | N/A | 6.5 MEDIUM |
| Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default). | |||||
| CVE-2023-46690 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 8.8 HIGH |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | |||||
| CVE-2023-46645 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 6.8 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-46497 | 1 Evershop | 1 Evershop | 2024-11-21 | N/A | 5.4 MEDIUM |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | |||||
| CVE-2023-46496 | 1 Evershop | 1 Evershop | 2024-11-21 | N/A | 8.3 HIGH |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | |||||
| CVE-2023-46493 | 1 Evershop | 1 Evershop | 2024-11-21 | N/A | 5.3 MEDIUM |
| Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | |||||
| CVE-2023-46455 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. | |||||
| CVE-2023-46346 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | N/A | 7.5 HIGH |
| In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | |||||
| CVE-2023-46307 | 1 Buddho | 1 Etcd Browser | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. | |||||