Total: 8090 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-24983 | 1 Jqueryform | 1 Jqueryform | 2024-11-21 | 7.5 High | Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI of any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique ID field is contained in the POST response upon submitting a form. |
| CVE-2022-24977 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 9.8 Critical | ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. |
| CVE-2022-24659 | 1 Goldshell | 1 Goldshell Miner Firmware | 2024-11-21 | 7.5 High | Goldshell ASIC Miners v2.2.1 and below were discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device. |
| CVE-2022-24647 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.1 High | Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. |
| CVE-2022-24424 | 1 Dell | 1 Emc Appsync | 2024-11-21 | 7.5 High | Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in the AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. |
| CVE-2022-24348 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 7.7 High | Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. |
| CVE-2022-24312 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 9.8 Critical | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could allow modification of an existing file by appending to the end of it, or creation of a new file, in the context of the Data Server, potentially leading to remote code execution when an attacker sends a specially crafted message. Affected product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior). |
| CVE-2022-24311 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 9.8 Critical | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could allow modification of an existing file by inserting at the beginning of it, or creation of a new file, in the context of the Data Server, potentially leading to remote code execution when an attacker sends a specially crafted message. Affected product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior). |
| CVE-2022-24278 | 1 Convert-svg Project | 1 Convert-svg | 2024-11-21 | 7.5 High | The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploitation is possible using a specially crafted SVG file. |
| CVE-2022-24248 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 6.5 Medium | RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has permission to delete). Furthermore, an attacker might leverage arbitrary file deletion to circumvent certain web server security mechanisms, such as by deleting the .htaccess file, which would deactivate those security constraints. |
| CVE-2022-24247 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 6.5 Medium | RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has permission to write), resulting in remote code execution. |
| CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.1 High | ASUS RT-AX56U's update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering of special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. |
| CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.1 High | ASUS RT-AX56U's update_json function has a path traversal vulnerability due to insufficient filtering of special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. |
| CVE-2022-23793 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High | An issue was discovered in Joomla! 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. Extracting a specially crafted tar package could write files outside of the intended path. |
| CVE-2022-23732 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8.8 High | A path traversal vulnerability was identified in the GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6 and 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. |
| CVE-2022-23447 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-11-21 | 7.3 High | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in the FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, and 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. |
| CVE-2022-23409 | 1 Ethercreative | 1 Logs | 2024-11-21 | 4.9 Medium | The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. |
| CVE-2022-23357 | 1 Mozilo | 1 Mozilocms | 2024-11-21 | 9.1 Critical | mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the curent_dir parameter. |
| CVE-2022-23347 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 7.5 High | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. |
| CVE-2022-23166 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.1 Medium | Sysaid Local File Inclusion (LFI): an unauthenticated attacker can access the system via the "/lib/tinymce/examples/index.html" path; in the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: [here is the LFI]. Solution: update to the 22.2.20 cloud version, or to the 22.1.64 on-premise version. |