Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35860 | 1 Moderncampus | 1 Omni Cms | 2024-11-21 | 5.3 Medium |
| A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php. | ||||
| CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 8.8 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | ||||
| CVE-2023-35185 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 6.8 Medium |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. | ||||
| CVE-2023-35069 | 1 Biges | 1 Bullwark Momentum Series | 2024-11-21 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H. | ||||
| CVE-2023-35020 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Control Center and 2 more | 2024-11-21 | 5.4 Medium |
| IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874. | ||||
| CVE-2023-35016 | 1 Ibm | 1 Security Verify Governance | 2024-11-21 | 6.5 Medium |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. | ||||
| CVE-2023-35003 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | 6.7 Medium |
| Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-34260 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 7.5 High |
| Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. | ||||
| CVE-2023-34259 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 4.9 Medium |
| Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. | ||||
| CVE-2023-34217 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-11-21 | 8.1 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. | ||||
| CVE-2023-34216 | 1 Moxa | 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more | 2024-11-21 | 8.1 High |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. | ||||
| CVE-2023-34208 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | 6.5 Medium |
| Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. | ||||
| CVE-2023-34135 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 6.5 Medium |
| Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34129 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 8.8 High |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34125 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | 6.5 Medium |
| Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | ||||
| CVE-2023-34117 | 1 Zoom | 1 Zoom Software Development Kit | 2024-11-21 | 3.3 Low |
| Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | ||||
| CVE-2023-34062 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | 7.5 High |
| In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | ||||
| CVE-2023-33989 | 1 Sap | 1 Netweaver Bi Content | 2024-11-21 | 8.7 High |
| An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise. | ||||
| CVE-2023-33878 | 1 Intel | 2 Audio Install Package, Nuc P14e Laptop Element Cmcn1cc | 2024-11-21 | 6.7 Medium |
| Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-33777 | 1 Prestashop | 1 Amazon | 2024-11-21 | 5.3 Medium |
| An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | ||||