Total
7225 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34208 | 1 Easyuse | 1 Mailhunter Ultimate | 2024-11-21 | N/A | 6.5 MEDIUM |
Path Traversal in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. | |||||
CVE-2023-34135 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-34129 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 8.8 HIGH |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-34125 | 1 Sonicwall | 2 Analytics, Global Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
CVE-2023-34117 | 1 Zoom | 1 Zoom Software Development Kit | 2024-11-21 | N/A | 3.3 LOW |
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | |||||
CVE-2023-34096 | 1 Thruk | 1 Thruk | 2024-11-21 | N/A | 6.5 MEDIUM |
Thruk is a multibackend monitoring web interface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter `location` is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | |||||
CVE-2023-34062 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | N/A | 7.5 HIGH |
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | |||||
CVE-2023-33989 | 1 Sap | 1 Netweaver Bi Content | 2024-11-21 | N/A | 8.7 HIGH |
An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise. | |||||
CVE-2023-33878 | 1 Intel | 2 Audio Install Package, Nuc P14e Laptop Element Cmcn1cc | 2024-11-21 | N/A | 6.7 MEDIUM |
Path traversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-33777 | 1 Prestashop | 1 Amazon | 2024-11-21 | N/A | 5.3 MEDIUM |
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | |||||
CVE-2023-33756 | 1 Foswiki | 1 Foswiki | 2024-11-21 | N/A | 7.5 HIGH |
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | |||||
CVE-2023-33690 | 1 Sonicjs | 1 Sonicjs | 2024-11-21 | N/A | 6.5 MEDIUM |
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | |||||
CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | N/A | 7.5 HIGH |
A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | |||||
CVE-2023-33369 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | N/A | 9.1 CRITICAL |
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | |||||
CVE-2023-33365 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 7.5 HIGH |
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. | |||||
CVE-2023-33310 | | | 2024-11-21 | N/A | 6.0 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59. | |||||
CVE-2023-33277 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-21 | N/A | 7.5 HIGH |
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. | |||||
CVE-2023-33227 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | |||||
CVE-2023-33226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | |||||
CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2024-11-21 | N/A | 8.8 HIGH |
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. |