Filtered by CWE-22
Total 7067 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34939 1 Onlyoffice 1 Onlyoffice 2024-12-06 9.8 Critical
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
CVE-2024-11585 1 Nsp-code 1 Wp Hide \& Security Enhancer 2024-12-06 7.5 High
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.
CVE-2024-10516 1 Swteplugins 1 Swift Performance 2024-12-06 8.1 High
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVE-2023-5189 1 Redhat 7 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 4 more 2024-12-06 6.3 Medium
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.
CVE-2023-5115 2 Debian, Redhat 7 Debian Linux, Ansible Automation Platform, Ansible Automation Platform Developer and 4 more 2024-12-06 6.3 Medium
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
CVE-2024-11667 1 Zyxel 41 Atp, Atp100, Atp100 Firmware and 38 more 2024-12-06 7.5 High
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.
CVE-2024-10933 2024-12-05 5 Medium
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
CVE-2023-32608 1 Pleasanter 1 Pleasanter 2024-12-05 6.5 Medium
Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.
CVE-2023-32521 1 Trendmicro 1 Mobile Security 2024-12-05 9.1 Critical
A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.
CVE-2023-30945 1 Palantir 3 Clips2, Video Clip Distributor, Video History Service 2024-12-05 9.8 Critical
Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well.
CVE-2023-3330 1 Nec 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more 2024-12-04 4.3 Medium
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
CVE-2024-54132 2024-12-04 N/A
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified --dir flag value. This vulnerability is fixed in 2.63.1.
CVE-2023-32557 3 Microsoft, Trend Micro Inc, Trendmicro 3 Windows, Trend Micro Apex One, Apex One 2024-12-04 9.8 Critical
A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges.
CVE-2020-19902 1 Wcms 1 Wcms 2024-12-04 9.8 Critical
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
CVE-2023-3331 1 Nec 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more 2024-12-04 5.4 Medium
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.
CVE-2024-11664 1 Enms 1 Enms 2024-12-04 8.8 High
A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue.
CVE-2023-32522 1 Trendmicro 1 Mobile Security 2024-12-04 8.1 High
A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-25307 1 Mrpack-install Project 1 Mrpack-install 2024-12-04 7.8 High
nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.
CVE-2023-25306 1 Multimc 1 Multimc 2024-12-04 7.5 High
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
CVE-2023-35975 1 Arubanetworks 14 Arubaos, Mc-va-10, Mc-va-1k and 11 more 2024-12-04 6.5 Medium
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system.