Total
6555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27128 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. | |||||
| CVE-2020-26837 | 1 Sap | 1 Solution Manager | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. | |||||
| CVE-2020-26806 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code. | |||||
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | |||||
| CVE-2020-26603 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). | |||||
| CVE-2020-26405 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-26299 | 1 Ftp-srv Project | 1 Ftp-srv | 2024-11-21 | 5.5 MEDIUM | 6.3 MEDIUM |
| ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3). | |||||
| CVE-2020-26295 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
| CVE-2020-26285 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
| CVE-2020-26279 | 1 Protocol | 1 Go-ipfs | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH |
| go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1. | |||||
| CVE-2020-26252 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved. | |||||
| CVE-2020-26078 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | |||||
| CVE-2020-26065 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | |||||
| CVE-2020-26037 | 1 Evenbalance | 1 Punkbuster | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-25985 | 1 Monocms | 1 Monocms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted). | |||||
| CVE-2020-25881 | 1 Ranko | 1 Rkcms | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file. | |||||
| CVE-2020-25873 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter. | |||||
| CVE-2020-25872 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. | |||||
| CVE-2020-25780 | 1 Commvault | 1 Commcell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. | |||||
| CVE-2020-25734 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| webTareas through 2.1 allows files/Default/ Directory Listing. | |||||