Total: 148 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25172 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. | |||||
CVE-2019-19287 | 1 Siemens | 1 Xhq | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse the file system of the server by sending specially crafted packets over the network without authentication. | |||||
CVE-2019-18338 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. | |||||
CVE-2024-11309 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
CVE-2024-11310 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
CVE-2024-6985 | 1 Lollms | 1 Lollms | 2024-11-15 | N/A | 4.4 MEDIUM |
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. | |||||
CVE-2024-47769 | 1 Idurarapp | 1 Idurar | 2024-11-13 | N/A | 7.5 HIGH |
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send a URL-encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at the subpath location. | |||||
CVE-2024-10200 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 7.5 HIGH |
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server. | |||||
CVE-2024-9923 | 1 Teamplus | 1 Team+ Pro | 2024-10-24 | N/A | 4.9 MEDIUM |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. | |||||
CVE-2024-9922 | 1 Teamplus | 1 Team+ Pro | 2024-10-24 | N/A | 7.5 HIGH |
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2024-10-21 | N/A | 5.5 MEDIUM |
Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | |||||
CVE-2024-45731 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-17 | N/A | 8.0 HIGH |
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | |||||
CVE-2024-9983 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 7.5 HIGH |
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
CVE-2024-49253 | | | 2024-10-16 | N/A | 8.6 HIGH |
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal. This issue affects Analyse Uploads: from n/a through 0.5. | |||||
CVE-2024-47637 | | | 2024-10-16 | N/A | 8.8 HIGH |
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal. This issue affects LiteSpeed Cache: from n/a through 6.4.1. | |||||