Vulnerabilities (CVE)

Filtered by CWE-22
Total 6547 CVE
CVE  Vendors (count, name)  Products (count, name)  Updated  CVSS v2  CVSS v3
CVE-2022-30062 1 Ftcms 1 Ftcms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php
CVE-2022-30061 1 Ftcms 1 Ftcms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.
CVE-2022-30059 1 Shopwind 1 Shopwind 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-30058 1 Shopwind 1 Shopwind 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.
CVE-2022-2969 1 Deltaww 1 Dialink 2024-11-21 N/A 8.1 HIGH
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 use an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.
CVE-2022-2945 1 Connekthq 1 Ajax Load More 2024-11-21 N/A 4.9 MEDIUM
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.5.3 via the 'type' parameter found in the alm_get_layout() function. This makes it possible for authenticated attackers, with administrative permissions, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2022-2926 1 Adobe 1 Download Manager 2024-11-21 N/A 4.9 MEDIUM
The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory
CVE-2022-2922 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 N/A 4.9 MEDIUM
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVE-2022-2893 1 Ronds 1 Equipment Predictive Maintenance 2024-11-21 N/A 8.2 HIGH
RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.
CVE-2022-2863 1 Wpvivid 1 Migration, Backup, Staging 2024-11-21 N/A 4.9 MEDIUM
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
CVE-2022-2788 1 Emerson 1 Electric's Proficy 2024-11-21 N/A 3.9 LOW
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.
CVE-2022-2712 1 Eclipse 1 Glassfish 2024-11-21 N/A 6.5 MEDIUM
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
CVE-2022-2711 1 Soflyy 1 Wp All Import 2024-11-21 N/A 7.2 HIGH
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.
CVE-2022-2653 1 Planka 1 Planka 2024-11-21 N/A 6.5 MEDIUM
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
CVE-2022-2560 1 Enterprisedt 1 Completeftp Server 2024-11-21 N/A 9.1 CRITICAL
This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.
CVE-2022-2557 1 Radiustheme 1 Team - Wordpress Team Members Showcase 2024-11-21 N/A 8.8 HIGH
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user.
CVE-2022-2554 1 Shortpixel 1 Enable Media Replace 2024-11-21 N/A 4.9 MEDIUM
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside it, for example into the web root directory, via a path traversal attack.
CVE-2022-2531 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.3 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.
CVE-2022-2464 1 Rockwellautomation 1 Isagraf Workbench 2024-11-21 N/A 7.7 HIGH
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.
CVE-2022-2463 1 Rockwellautomation 1 Isagraf Workbench 2024-11-21 N/A 6.1 MEDIUM
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.