Total
6555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25623 | 1 Erlang | 1 Erlang\/otp | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | |||||
| CVE-2020-25617 | 1 Solarwinds | 1 N-central | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root. | |||||
| CVE-2020-25540 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. | |||||
| CVE-2020-25248 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. | |||||
| CVE-2020-25247 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. | |||||
| CVE-2020-25243 | 1 Siemens | 1 Logo\! Soft Comfort | 2024-11-21 | 7.2 HIGH | 5.1 MEDIUM |
| A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerability could be triggered while importing a compromised project file to the affected software. Chained with other vulnerabilities this vulnerability could ultimately lead to a system takeover by an attacker. | |||||
| CVE-2020-25237 | 1 Siemens | 2 Sinec Network Management System, Sinema Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054) | |||||
| CVE-2020-25176 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2024-11-21 | 9.3 HIGH | 9.1 CRITICAL |
| Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. | |||||
| CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
| A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | |||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | |||||
| CVE-2020-25145 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | |||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | |||||
| CVE-2020-25136 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | |||||
| CVE-2020-25134 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | |||||
| CVE-2020-25133 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | |||||
| CVE-2020-25074 | 2 Debian, Moinmo | 2 Debian Linux, Moinmoin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. | |||||
| CVE-2020-25068 | 1 Setelsa-security | 1 Conacwin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. Furthermore, they indicated that they detected this problem in an internal audit more than 3 years ago and fixed it in 2017. | |||||
| CVE-2020-25032 | 3 Debian, Flask-cors Project, Opensuse | 4 Debian Linux, Flask-cors, Backports Sle and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | |||||
| CVE-2020-24990 | 1 Qsc | 1 Q-sys Core Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | |||||
| CVE-2020-24855 | 1 Easyjs | 1 Easywebpack-cli | 2024-11-21 | N/A | 5.3 MEDIUM |
| Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | |||||