Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2154 | 1 Monkey-project | 1 Monkey | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||||
| CVE-2001-1586 | 1 Analogx | 1 Simpleserver Www | 2024-11-20 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664. | |||||
| CVE-2001-1432 | 1 Cherokee | 1 Cherokee Httpd | 2024-11-20 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2001-1205 | 1 Matrixs Cgi Vault | 1 Last Lines | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | |||||
| CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-11-20 | 5.0 MEDIUM | N/A |
| The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
| CVE-2001-0780 | 1 Cosmicperl | 1 Directory Pro | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. | |||||
| CVE-2001-0054 | 1 Solarwinds | 1 Serv-u File Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. | |||||
| CVE-2024-11309 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
| The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
| CVE-2024-11310 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
| The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | |||||
| CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11314 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-11315 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
| The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | |||||
| CVE-2024-41784 | 1 Ibm | 1 Sterling Secure Proxy | 2024-11-20 | N/A | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. | |||||
| CVE-2024-47820 | 2024-11-19 | N/A | 5.7 MEDIUM | ||
| MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | |||||
| CVE-2024-52600 | 2024-11-19 | N/A | 5.3 MEDIUM | ||
| Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0. | |||||
| CVE-2024-11238 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11239 | 1 Landray | 1 Landray Ekp | 2024-11-19 | 5.5 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11210 | 1 Eyoucms | 1 Eyoucms | 2024-11-19 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in EyouCMS 1.51. It has been rated as critical. This issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||