Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3241 | 1 Otcms | 1 Otcms | 2024-11-21 | 2.7 LOW | 3.5 LOW |
A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512. | |||||
CVE-2023-3172 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 7.2 HIGH |
Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | |||||
CVE-2023-3098 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 3.2 LOW | 4.4 MEDIUM |
A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Local access is required for the attack. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-3031 | 1 Webbax | 1 King-avis | 2024-11-21 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15. | |||||
CVE-2023-39964 | 1 Fit2cloud | 1 1panel | 2024-11-21 | N/A | 7.5 HIGH |
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file read allows an attacker to read sensitive configuration files on the server. In the `api/v1/file.go` file, the function `LoadFromFile` reads the file named by the request parameter `parameter[path]` directly; the parameter is not filtered, resulting in an arbitrary file read from the management back end. Version 1.5.0 has a patch for this issue. | |||||
CVE-2023-39957 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 7.8 HIGH |
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | |||||
CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | N/A | 9.3 CRITICAL |
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitization of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | |||||
CVE-2023-39912 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A | 4.9 MEDIUM |
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | |||||
CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A | 9.8 CRITICAL |
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | |||||
CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2024-11-21 | N/A | 7.5 HIGH |
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | |||||
CVE-2023-39584 | 1 Hexo | 1 Hexo | 2024-11-21 | N/A | 7.5 HIGH |
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | |||||
CVE-2023-39559 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | N/A | 5.3 MEDIUM |
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | |||||
CVE-2023-39528 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.8 MEDIUM |
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
CVE-2023-39525 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A | 6.5 MEDIUM |
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | |||||
CVE-2023-39506 | | | 2024-11-21 | N/A | 7.8 HIGH |
PDF-XChange Editor createDataObject Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the createDataObject method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-20594. | |||||
CVE-2023-39460 | | | 2024-11-21 | N/A | 7.2 HIGH |
Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534. | |||||
CVE-2023-39459 | | | 2024-11-21 | N/A | 7.8 HIGH |
Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531. | |||||
CVE-2023-39448 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | N/A | 8.8 HIGH |
Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | |||||
CVE-2023-39407 | 1 Huawei | 1 Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. | |||||
CVE-2023-39402 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | |||||
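Two entries above describe the same root cause from different angles: 1Panel's `LoadFromFile` (CVE-2023-39964) opens whatever `parameter[path]` names, and Routinator's keep-rrdp-responses feature (CVE-2023-39916) derives an on-disk location from a request URL without enough sanitization. The Go program below is an added example written for this page, not code from 1Panel, Routinator or any other project listed; the root directories, URLs and function names (`NaiveJoin`, `SafeJoin`, `StoragePathForURL`) are illustrative assumptions. It shows why cleaning a path is not the same as confining it, and one way to confine both a raw request parameter and a URL-derived path beneath a fixed root.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when an untrusted path would land outside the
// directory the handler is allowed to touch.
var ErrOutsideRoot = errors.New("path escapes the permitted root")

// NaiveJoin is the pattern behind most of the entries above: the request
// value is joined onto a base directory and used as-is. filepath.Join cleans
// the result, but cleaning resolves ".." instead of rejecting it, so the
// caller still ends up with a path outside root.
func NaiveJoin(root, untrusted string) string {
	return filepath.Join(root, untrusted)
}

// SafeJoin joins untrusted (e.g. a request parameter such as 1Panel's
// parameter[path]) onto root and refuses any result that is not inside root.
// Absolute paths are rejected up front; everything else is checked by
// computing the cleaned result relative to root.
func SafeJoin(root, untrusted string) (string, error) {
	if filepath.IsAbs(untrusted) {
		return "", ErrOutsideRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absRoot, untrusted)
	rel, err := filepath.Rel(absRoot, full)
	if err != nil {
		return "", err
	}
	// A relative path that starts with ".." climbed out of root. A name that
	// merely begins with two dots (e.g. "..hidden") is fine.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	// If root may contain symlinks, also run filepath.EvalSymlinks on full and
	// repeat the Rel check on the resolved path (omitted here: needs real files).
	return full, nil
}

// StoragePathForURL maps a request URL to a file under root, the job that a
// cache storing responses by URL has to do. The host and each path segment are
// validated individually. url.Parse percent-decodes the path, so "%2e%2e"
// arrives here as ".." and is rejected like a literal one; it does not resolve
// dot segments, so they must be refused rather than assumed away.
func StoragePathForURL(root, rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" || u.Hostname() == "" {
		return "", fmt.Errorf("unsupported URL %q", rawURL)
	}
	parts := append([]string{u.Hostname()}, strings.Split(u.Path, "/")...)
	var segments []string
	for _, seg := range parts {
		if seg == "" {
			continue // leading slash or an empty "//" segment
		}
		if seg == "." || seg == ".." || strings.ContainsAny(seg, `/\`) {
			return "", ErrOutsideRoot
		}
		segments = append(segments, seg)
	}
	// Defence in depth: the per-segment check already blocks traversal, but
	// the final result is still confined the same way as any other path.
	return SafeJoin(root, filepath.Join(segments...))
}

func main() {
	root := "/srv/1panel/data" // assumed data directory, not 1Panel's real layout
	fmt.Println(NaiveJoin(root, "../../etc/passwd")) // cleaned, not confined
	fmt.Println(SafeJoin(root, "../../etc/passwd"))
	fmt.Println(SafeJoin(root, "conf/app.yaml"))
	cache := "/var/cache/rrdp" // assumed cache directory
	fmt.Println(StoragePathForURL(cache, "https://rrdp.example.net/rpki/notification.xml"))
	fmt.Println(StoragePathForURL(cache, "https://rrdp.example.net/rpki/%2e%2e/%2e%2e/notification.xml"))
}
```

The `Rel` check is the part that most ad hoc fixes miss: `filepath.Clean` and `filepath.Join` happily turn `../../etc/passwd` into `/srv/etc/passwd`, which is a perfectly clean path that is simply not under the root. Paths that reach the filesystem through symlinks, or that are checked and then opened later (a TOCTOU window), need the additional `EvalSymlinks` step noted in the comment, and on Windows the same logic must also treat drive letters and `\` as separators.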