Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46417 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | |||||
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||||
| CVE-2021-46104 | 1 Webp | 1 Webp Server Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server. | |||||
| CVE-2021-45967 | 2 Igniterealtime, Pascom | 2 Openfire, Cloud Phone System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. | |||||
| CVE-2021-45887 | 1 Ponton | 1 X\/p Messenger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. | |||||
| CVE-2021-45783 | 1 Bookeen | 2 Notea, Notea Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. | |||||
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | |||||
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. | |||||
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||||
| CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | N/A | 7.1 HIGH |
| Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. | |||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | |||||
| CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. | |||||
| CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | |||||
| CVE-2021-45043 | 1 Hd-network Real-time Monitoring System Project | 1 Hd-network Real-time Monitoring System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. | |||||
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||||
| CVE-2021-45010 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | |||||