Total: 7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3406 | 1 M-files | 1 Classic Web | 2024-11-21 | 7.7 High |
| Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows an authenticated user to read some restricted files on the web server. | ||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2024-11-21 | 5.7 Medium |
| The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | ||||
| CVE-2023-3329 | 1 Spidercontrol | 1 Scadawebserver | 2024-11-21 | 6.5 Medium |
| SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. | ||||
| CVE-2023-3241 | 1 Otcms | 1 Otcms | 2024-11-21 | 3.5 Low |
| A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512. | ||||
| CVE-2023-3098 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 4.4 Medium |
| A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-39964 | 1 Fit2cloud | 1 1panel | 2024-11-21 | 7.5 High |
| 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. | ||||
| CVE-2023-39957 | 1 Nextcloud | 1 Talk | 2024-11-21 | 7.8 High |
| Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intent allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | 9.3 Critical |
| NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitization of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | ||||
| CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 9.8 Critical |
| IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | ||||
| CVE-2023-39584 | 1 Hexo | 1 Hexo | 2024-11-21 | 7.5 High |
| Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | ||||
| CVE-2023-39559 | 1 Web-audimex | 1 Audimexee | 2024-11-21 | 5.3 Medium |
| AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability. | ||||
| CVE-2023-39528 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.8 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-39525 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 Medium |
| PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. | ||||
| CVE-2023-39448 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 8.8 High |
| Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. | ||||
| CVE-2023-39407 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 9.1 Critical |
| The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. | ||||
| CVE-2023-39402 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39401 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39400 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. | ||||
| CVE-2023-39299 | 1 Qnap | 1 Music Station | 2024-11-21 | 7.5 High |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later, Music Station 5.1.16 and later, Music Station 5.3.23 and later. | ||||
| CVE-2023-39163 | | | 2024-11-21 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Averta Phlox Shop allows PHP Local File Inclusion. This issue affects Phlox Shop: from n/a through 2.0.0. | ||||