Vulnerabilities (CVE)

Filtered by CWE-22
Total 6542 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27507 1 Microengine 1 Mailform 2024-11-21 N/A 9.8 CRITICAL
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
CVE-2023-27501 1 Sap 1 Netweaver Application Server Abap 2024-11-21 N/A 8.7 HIGH
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity.
CVE-2023-27500 1 Sap 1 Netweaver Application Server Abap 2024-11-21 N/A 9.6 CRITICAL
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.
CVE-2023-27475 1 Goutil Project 1 Goutil 2024-11-21 N/A 8.8 HIGH
Goutil is a collection of miscellaneous functionality for the Go language. In versions prior to 0.6.0, when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0; users are advised to upgrade. There are no known workarounds for this issue.
CVE-2023-27409 1 Siemens 2 Scalance Lpe9403, Scalance Lpe9403 Firmware 2024-11-21 N/A 2.5 LOW
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`.
CVE-2023-27326 2024-11-21 N/A 8.2 HIGH
Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user on the host system. Was ZDI-CAN-18933.
CVE-2023-27311 1 Netapp 1 Blue Xp Connector 2024-11-21 N/A 5.3 MEDIUM
NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector.
CVE-2023-27269 1 Sap 1 Netweaver Application Server Abap 2024-11-21 N/A 9.6 CRITICAL
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.
CVE-2023-27170 1 Xpand-it 1 Write-back Manager 2024-11-21 N/A 7.5 HIGH
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVE-2023-27105 1 Shanling 3 Eddict Player, M2x, Mtouch Os 2024-11-21 N/A 9.8 CRITICAL
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.
CVE-2023-27067 1 Sitecore 1 Experience Platform 2024-11-21 N/A 7.5 HIGH
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx.
CVE-2023-27066 1 Sitecore 1 Experience Platform 2024-11-21 N/A 6.5 MEDIUM
Directory Traversal vulnerability in Sitecore Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
CVE-2023-27055 1 Aver 1 Ptzapp 2 2024-11-21 N/A 7.5 HIGH
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.
CVE-2023-26969 1 Atrocore 1 Atropim 2024-11-21 N/A 7.5 HIGH
Atropim 1.5.26 is vulnerable to Directory Traversal.
CVE-2023-26820 1 Siteproxy Project 1 Siteproxy 2024-11-21 N/A 7.5 HIGH
siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js.
CVE-2023-26802 1 Dcnglobal 2 Dcbi-netlog-lab, Dcbi-netlog-lab Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.
CVE-2023-26758 1 Smeup 1 Erp 2024-11-21 N/A 7.5 HIGH
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService.
CVE-2023-26564 1 Syncfusion 1 Ej2 Aspcore File Provider 2024-11-21 N/A 9.8 CRITICAL
The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.
CVE-2023-26563 1 Syncfusion 1 Nodejs File System Provider 2024-11-21 N/A 9.8 CRITICAL
The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can:
- On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server.
- On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.
CVE-2023-26559 1 Sync 2 Oxygen Content Fusion, Oxygen Xml Web Author 2024-11-21 N/A 5.3 MEDIUM
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)