Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6618 | 2024-08-14 | N/A | N/A | ||
| In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library (DLL). | |||||
| CVE-2023-7249 | 1 Opentext | 1 Directory Services | 2024-08-13 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | |||||
| CVE-2024-7399 | 1 Samsung | 1 Magicinfo 9 Server | 2024-08-13 | N/A | 7.5 HIGH |
| Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | |||||
| CVE-2024-37129 | 1 Dell | 1 Inventory Collector | 2024-08-13 | N/A | 7.8 HIGH |
| Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | |||||
| CVE-2024-39651 | 2024-08-13 | N/A | 8.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. | |||||
| CVE-2024-43165 | 2024-08-13 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8. | |||||
| CVE-2024-37403 | 1 Ivanti | 1 Docs\@work | 2024-08-12 | N/A | 5.5 MEDIUM |
| Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables other malicious apps on the device to read sensitive information stored in the app root. | |||||
| CVE-2024-7551 | 1 Juzaweb | 1 Cms | 2024-08-12 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7564 | 1 Logsign | 1 Unified Secops Platform | 2024-08-07 | N/A | 6.5 MEDIUM |
| Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680. | |||||
| CVE-2024-7458 | 1 Eladmin | 1 Eladmin | 2024-08-06 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. | |||||
| CVE-2024-5709 | 2024-08-06 | N/A | 8.8 HIGH | ||
| The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-39624 | 2024-08-02 | N/A | 8.5 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-38746 | 2024-08-02 | N/A | 7.1 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.3. | |||||
| CVE-2024-39619 | 2024-08-02 | N/A | 9.0 CRITICAL | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-39621 | 2024-08-02 | N/A | 8.0 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3. | |||||
| CVE-2024-38772 | 2024-08-02 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7. | |||||
| CVE-2024-38768 | 2024-08-02 | N/A | 4.3 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.This issue affects The Pack Elementor addons: from n/a through 2.0.8.6. | |||||