Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34605 | 1 Xinje | 1 Xd\/e Series Plc Program Tool | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
| A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool. | |||||
| CVE-2021-29488 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version. | |||||
| CVE-2020-25172 | 1 Bbraun | 1 Onlinesuite Application Package | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. | |||||
| CVE-2019-19287 | 1 Siemens | 1 Xhq | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow attackers to traverse through the file system of the server based by sending specially crafted packets over the network without authentication. | |||||
| CVE-2019-18338 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. | |||||
| CVE-2024-11309 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
| The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
| CVE-2024-11310 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
| The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
| CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-6985 | 1 Lollms | 1 Lollms | 2024-11-15 | N/A | 4.4 MEDIUM |
| A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files. | |||||
| CVE-2024-47769 | 1 Idurarapp | 1 Idurar | 2024-11-13 | N/A | 7.5 HIGH |
| IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location. | |||||
| CVE-2024-10200 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 7.5 HIGH |
| Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server. | |||||
| CVE-2024-9923 | 1 Teamplus | 1 Team\+ Pro | 2024-10-24 | N/A | 4.9 MEDIUM |
| The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. | |||||
| CVE-2024-9922 | 1 Teamplus | 1 Team\+ Pro | 2024-10-24 | N/A | 7.5 HIGH |
| The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
| CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2024-10-21 | N/A | 5.5 MEDIUM |
| Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | |||||
| CVE-2024-45731 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-10-17 | N/A | 8.0 HIGH |
| In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive. | |||||
| CVE-2024-9983 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 7.5 HIGH |
| Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||