Total
7028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2024-11-21 | 4.7 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | |||||
| CVE-2020-36629 | 1 Httpster Project | 1 Httpster | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | |||||
| CVE-2020-36628 | 1 Android Processing Development Environment Project | 1 Android Processing Development Environment | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | |||||
| CVE-2020-36488 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | |||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | |||||
| CVE-2020-36321 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder. | |||||
| CVE-2020-36241 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-autoar | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
| CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | |||||
| CVE-2020-36052 | 1 1234n | 1 Minicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | |||||
| CVE-2020-36051 | 1 1234n | 1 Minicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | |||||
| CVE-2020-35883 | 1 Mozwire Project | 1 Mozwire | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | |||||
| CVE-2020-35762 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. | |||||
| CVE-2020-35749 | 1 Presstigers | 1 Simple Board Job | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | |||||
| CVE-2020-35736 | 1 Liftoffsoftware | 1 Gateone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | |||||
| CVE-2020-35709 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | |||||
| CVE-2020-35612 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | |||||
| CVE-2020-35598 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 | |||||
| CVE-2020-35580 | 1 Searchblox | 1 Searchblox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. | |||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | |||||
| CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | |||||