Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45867 | 1 Ilias | 1 Ilias | 2024-11-21 | 6.5 Medium |
| ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet. | ||||
| CVE-2023-45855 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 7.5 High |
| qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | ||||
| CVE-2023-45823 | 1 Artifacthub | 1 Hub | 2024-11-21 | 7.5 High |
| Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45689 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 6.5 Medium |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | ||||
| CVE-2023-45688 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 4.3 Medium |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | ||||
| CVE-2023-45686 | 1 Southrivertech | 1 Titan Mfp Server | 2024-11-21 | 7.2 High |
| Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||||
| CVE-2023-45685 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | 9.1 Critical |
| Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | ||||
| CVE-2023-45652 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5. | ||||
| CVE-2023-45385 | 2024-11-21 | 7.5 High | ||
| ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module. | ||||
| CVE-2023-45383 | 1 Common-services | 1 Sonice Etiquetage | 2024-11-21 | 7.5 High |
| In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | ||||
| CVE-2023-45382 | 1 Common-services | 1 Sonice Retour | 2024-11-21 | 7.5 High |
| In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | ||||
| CVE-2023-45352 | 1 Atos | 1 Unify Openscape Common Management | 2024-11-21 | 8.8 High |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | ||||
| CVE-2023-45278 | 1 Spaceapplications | 1 Yamcs | 2024-11-21 | 9.1 Critical |
| Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | ||||
| CVE-2023-45277 | 1 Spaceapplications | 1 Yamcs | 2024-11-21 | 7.5 High |
| Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. | ||||
| CVE-2023-45197 | 2 Adminer, Adminerevo | 2 Adminer, Adminerevo | 2024-11-21 | 9.8 Critical |
| The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3. | ||||
| CVE-2023-45027 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-45026 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.5 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-44395 | 1 Autolabproject | 1 Autolab | 2024-11-21 | 4.9 Medium |
| Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue. | ||||
| CVE-2023-44306 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2024-11-21 | 6.5 Medium |
| Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | ||||
| CVE-2023-44278 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | 6.7 Medium |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application. | ||||