Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | |||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | |||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | |||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | |||||
| CVE-2020-24102 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-23766 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges. | |||||
| CVE-2020-23715 | 1 Webport Cms Project | 1 Webport Cms | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | |||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. | |||||
| CVE-2020-23172 | 1 Kuba Project | 1 Kuba | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | |||||
| CVE-2020-23161 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | |||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | |||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | |||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | |||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | |||||
| CVE-2020-22623 | 1 Insightsoftware | 1 Jreport | 2024-11-21 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. | |||||
| CVE-2020-22550 | 1 Veno File Manager Project | 1 Veno File Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server. | |||||
| CVE-2020-22200 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. | |||||
| CVE-2020-21862 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 8.1 HIGH |
| Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del. | |||||
| CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | |||||
| CVE-2020-21590 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. | |||||