Total
8698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1558 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 7.5 High |
| A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the original `source` value for model version creation, leading to the exposure of sensitive files when interacting with the `/model-versions/get-artifact` handler. | ||||
| CVE-2024-1483 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 7.5 High |
| A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers. | ||||
| CVE-2024-57728 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | 7.2 High |
| SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | ||||
| CVE-2023-31483 | 1 Cauldrondevelopment | 1 Cbang | 2025-01-31 | 7.5 High |
| tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | ||||
| CVE-2023-30380 | 1 Dedecms | 1 Dedecms | 2025-01-31 | 7.5 High |
| An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | ||||
| CVE-2021-39312 | 1 Trueranker | 1 True Ranker | 2025-01-31 | 7.5 High |
| The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. | ||||
| CVE-2023-2336 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 6.5 Medium |
| Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2017-20184 | 1 Gavazzionline | 1 Powersoft | 2025-01-31 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. | ||||
| CVE-2024-46664 | 1 Fortinet | 1 Fortirecorder | 2025-01-31 | 5.2 Medium |
| A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests. | ||||
| CVE-2024-36512 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-01-31 | 7 High |
| An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | ||||
| CVE-2024-47566 | 1 Fortinet | 1 Fortirecorder | 2025-01-31 | 4.8 Medium |
| A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | ||||
| CVE-2023-2273 | 1 Rapid7 | 1 Insight Agent | 2025-01-31 | 5.8 Medium |
| Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal. | ||||
| CVE-2023-30507 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2025-01-31 | 4.9 Medium |
| Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | ||||
| CVE-2024-54154 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 8 High |
| In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | ||||
| CVE-2023-28413 | 1 Snow Monkey Forms Project | 1 Snow Monkey Forms | 2025-01-31 | 9.8 Critical |
| Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. | ||||
| CVE-2023-27507 | 1 Microengine | 1 Mailform | 2025-01-31 | 9.8 Critical |
| MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | ||||
| CVE-2023-27067 | 1 Sitecore | 1 Experience Platform | 2025-01-31 | 7.5 High |
| Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | ||||
| CVE-2023-27066 | 1 Sitecore | 1 Experience Platform | 2025-01-31 | 6.5 Medium |
| Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | ||||
| CVE-2023-22901 | 1 Changingtec | 1 Mobile One Time Password | 2025-01-30 | 4.9 Medium |
| ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | ||||
| CVE-2023-30852 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 4.4 Medium |
| Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual. | ||||