Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42129 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the ShowTechDownloadView class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. . Was ZDI-CAN-17899. | |||||
| CVE-2023-42033 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Visualware MyConnection Server doPostUploadfiles Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Visualware MyConnection Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the doPostUploadfiles method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21612. | |||||
| CVE-2023-42000 | 1 Arcserve | 1 Udp | 2024-11-21 | N/A | 9.8 CRITICAL |
| Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. | |||||
| CVE-2023-41973 | 2024-11-21 | N/A | 7.3 HIGH | ||
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | |||||
| CVE-2023-41930 | 1 Jenkins | 1 Job Configuration History | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin. | |||||
| CVE-2023-41888 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A | 5.3 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-41877 | 2024-11-21 | N/A | 7.2 HIGH | ||
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location to an arbitrary location. The admin console GeoServer Logs page provides a preview of these contents. As this issue requires GeoServer administrators access, often representing a trusted party, the vulnerability has not received a patch as of time of publication. As a workaround, a system administrator responsible for running GeoServer can use the `GEOSERVER_LOG_FILE` setting to override any configuration option provided by the Global Settings page. The `GEOSERVER_LOG_LOCATION` parameter can be set as system property, environment variables, or servlet context parameters. | |||||
| CVE-2023-41825 | 2024-11-21 | N/A | 2.8 LOW | ||
| A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. | |||||
| CVE-2023-41747 | 2 Acronis, Microsoft | 2 Cloud Manager, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Sensitive information disclosure due to unauthenticated path traversal. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | |||||
| CVE-2023-41682 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | N/A | 8.1 HIGH |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | |||||
| CVE-2023-41599 | 1 Jfinalcms Project | 1 Jfinalcms | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2023-41578 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | N/A | 7.5 HIGH |
| Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | |||||
| CVE-2023-41474 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component. | |||||
| CVE-2023-41373 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2024-11-21 | N/A | 9.9 CRITICAL |
| A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-41356 | 1 Wisdomgarden | 1 Tronclass Ilearn | 2024-11-21 | N/A | 6.5 MEDIUM |
| NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | |||||
| CVE-2023-41344 | 1 Ncsist | 1 Mobile Device Manager | 2024-11-21 | N/A | 7.5 HIGH |
| NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | |||||
| CVE-2023-41291 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | |||||
| CVE-2023-41290 | 2024-11-21 | N/A | 4.1 MEDIUM | ||
| A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | |||||
| CVE-2023-41182 | 2024-11-21 | N/A | 7.2 HIGH | ||
| NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ZipUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19716. | |||||
| CVE-2023-41181 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getSubFolderList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-20330. | |||||