Total: 6555 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13227 | 1 Sysax | 1 Multi Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism. | |||||
CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | |||||
CVE-2020-13093 | 1 Ispyconnect | 1 Agent Dvr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. | |||||
CVE-2020-12851 | 1 Pydio | 1 Cells | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | |||||
CVE-2020-12832 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. | |||||
CVE-2020-12827 | 1 Mjml | 1 Mjml | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH |
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | |||||
CVE-2020-12765 | 1 Solis | 1 Miolo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | |||||
CVE-2020-12764 | 1 Solis | 1 Gnuteca | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | |||||
CVE-2020-12737 | 1 Maxum | 1 Rumpus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. | |||||
CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | |||||
CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||||
CVE-2020-12509 | 1 Badgermeter | 1 Moni::tools | 2024-11-21 | N/A | 7.5 HIGH |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | |||||
CVE-2020-12508 | 1 Badgermeter | 1 Moni::tools | 2024-11-21 | N/A | 7.5 HIGH |
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the image-relocator module. | |||||
CVE-2020-12499 | 1 Phoenixcontact | 1 Plcnext Engineer | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files. | |||||
CVE-2020-12479 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |||||
CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | |||||
CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | |||||
CVE-2020-12448 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | |||||
CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | |||||
CVE-2020-12443 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. |