Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40978 | 1 Mkdocs | 1 Mkdocs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1 | |||||
| CVE-2021-40964 | 1 Tinyfilemanager Project | 1 Tinyfilemanager | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. | |||||
| CVE-2021-40960 | 1 Galera | 1 Galera Webtemplate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. | |||||
| CVE-2021-40887 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder. | |||||
| CVE-2021-40886 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization. | |||||
| CVE-2021-40858 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | |||||
| CVE-2021-40841 | 1 Liveconfig | 1 Liveconfig | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to read files on the underlying server. | |||||
| CVE-2021-40745 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. | |||||
| CVE-2021-40724 | 2 Adobe, Google | 2 Acrobat Reader, Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40680 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | |||||
| CVE-2021-40668 | 1 Http File Server Project | 1 Http File Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. | |||||
| CVE-2021-40661 | 1 Mt | 2 Ind780, Ind780 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. | |||||
| CVE-2021-40651 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file. | |||||
| CVE-2021-40525 | 1 Apache | 1 James | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted. | |||||
| CVE-2021-40371 | 1 Gridprosoftware | 1 Request Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap. | |||||
| CVE-2021-40359 | 1 Siemens | 5 Simatic Batch, Simatic Net Pc, Simatic Route Control and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. | |||||
| CVE-2021-40358 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. | |||||
| CVE-2021-40357 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. | |||||
| CVE-2021-40349 | 1 Speed Test Project | 1 Speed Test | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring. | |||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2024-11-21 | N/A | 8.1 HIGH |
| htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | |||||