Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3533 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 9.8 CRITICAL |
| Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write. | |||||
| CVE-2023-3512 | 1 Setelsa-security | 1 Conacwin | 2024-11-21 | N/A | 7.5 HIGH |
| Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. | |||||
| CVE-2023-3406 | 1 M-files | 1 Classic Web | 2024-11-21 | N/A | 7.7 HIGH |
| Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | |||||
| CVE-2023-3385 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html). | |||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2024-11-21 | N/A | 5.7 MEDIUM |
| The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | |||||
| CVE-2023-3331 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product. | |||||
| CVE-2023-3330 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product. | |||||
| CVE-2023-3329 | 1 Spidercontrol | 1 Scadawebserver | 2024-11-21 | N/A | 6.5 MEDIUM |
| SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. | |||||
| CVE-2023-3241 | 1 Otcms | 1 Otcms | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/read.php?mudi=announContent. The manipulation of the argument url leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231512. | |||||
| CVE-2023-3172 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 7.2 HIGH |
| Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | |||||
| CVE-2023-3098 | 1 Ubuntukylin | 1 Youker-assistant | 2024-11-21 | 3.2 LOW | 4.4 MEDIUM |
| A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Affected is the function restore_all_sound_file. The manipulation leads to path traversal: '../filedir'. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230688. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3031 | 1 Webbax | 1 King-avis | 2024-11-21 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15. | |||||
| CVE-2023-39964 | 1 Fit2cloud | 1 1panel | 2024-11-21 | N/A | 7.5 HIGH |
| 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. | |||||
| CVE-2023-39957 | 1 Nextcloud | 1 Talk | 2024-11-21 | N/A | 7.8 HIGH |
| Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2024-11-21 | N/A | 9.3 CRITICAL |
| NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | |||||
| CVE-2023-39912 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | N/A | 4.9 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. | |||||
| CVE-2023-39810 | 1 Busybox | 1 Busybox | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | |||||
| CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | |||||
| CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | |||||
| CVE-2023-39584 | 1 Hexo | 1 Hexo | 2024-11-21 | N/A | 7.5 HIGH |
| Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | |||||