Total
6541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33756 | 1 Foswiki | 1 Foswiki | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | |||||
| CVE-2023-33747 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-21 | N/A | 7.8 HIGH |
| CloudPanel v2.2.2 allows attackers to execute a path traversal. | |||||
| CVE-2023-33690 | 1 Sonicjs | 1 Sonicjs | 2024-11-21 | N/A | 6.5 MEDIUM |
| SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | |||||
| CVE-2023-33544 | 1 Hawt | 1 Hawtio | 2024-11-21 | N/A | 5.5 MEDIUM |
| hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite. | |||||
| CVE-2023-33524 | 1 Advent | 1 Tamale Rms | 2024-11-21 | N/A | 5.3 MEDIUM |
| Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. | |||||
| CVE-2023-33411 | 1 Supermicro | 724 B12dpe-6, B12dpe-6 Firmware, B12dpt-6 and 721 more | 2024-11-21 | N/A | 7.5 HIGH |
| A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | |||||
| CVE-2023-33369 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | N/A | 9.1 CRITICAL |
| A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | |||||
| CVE-2023-33365 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. | |||||
| CVE-2023-33310 | 2024-11-21 | N/A | 6.0 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. | |||||
| CVE-2023-33277 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. | |||||
| CVE-2023-33227 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. | |||||
| CVE-2023-33226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | N/A | 8.0 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | |||||
| CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2024-11-21 | N/A | 8.8 HIGH |
| Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | |||||
| CVE-2023-32985 | 1 Jenkins | 1 Sidebar Link | 2024-11-21 | N/A | 4.3 MEDIUM |
| Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2023-32974 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-32767 | 1 Symcon | 1 Ip Symcon | 2024-11-21 | N/A | 7.5 HIGH |
| The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | |||||
| CVE-2023-32756 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 7.5 HIGH |
| e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service. | |||||
| CVE-2023-32714 | 1 Splunk | 2 Splunk, Splunk App For Lookup File Editing | 2024-11-21 | N/A | 8.1 HIGH |
| In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. | |||||
| CVE-2023-32676 | 1 Autolabproject | 1 Autolab | 2024-11-21 | N/A | 6.7 MEDIUM |
| Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | |||||
| CVE-2023-32655 | 1 Intel | 6 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Enthusiast Nuc8i7hvkva, Nuc 8 Enthusiast Nuc8i7hvkvaw and 3 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||