Total
7624 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-46886 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 9.1 Critical |
Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. | ||||
CVE-2022-3693 | 1 Fileorbis | 1 Fileorbis | 2025-04-04 | 7.5 High |
Path Traversal vulnerability in Deytek Informatics FileOrbis File Management System allows Path Traversal. This issue affects FileOrbis File Management System: from unspecified before 10.6.3. | ||||
CVE-2024-4790 | 1 Dedecms | 1 Dedecms | 2025-04-04 | 4.3 Medium |
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-40493 | 1 Lg | 1 Simple Editor | 2025-04-04 | 9.8 Critical |
LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copySessionFolder command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19920. | ||||
CVE-2023-40494 | 1 Lg | 1 Simple Editor | 2025-04-04 | 9.1 Critical |
LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteFolder method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-19921. | ||||
CVE-2023-40495 | 1 Lg | 1 Simple Editor | 2025-04-04 | 7.5 High |
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19922. | ||||
CVE-2023-0290 | 1 Rapid7 | 1 Velociraptor | 2025-04-03 | 4.3 Medium |
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only require privileges to schedule collections on the client. Normally, to schedule an artifact on the server, the COLLECT_SERVER permission is required. This permission is normally only granted to "administrator" role. Due to this issue, it is sufficient to have the COLLECT_CLIENT privilege, which is normally granted to the "investigator" role. To exploit this vulnerability, the attacker must already have a Velociraptor user account at least "investigator" level, and be able to authenticate to the GUI and issue an API call to the backend. Typically, most users deploy Velociraptor with limited access to a trusted group, and most users will already be administrators within the GUI. This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue. | ||||
CVE-2023-0126 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2025-04-03 | 7.5 High |
Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. | ||||
CVE-2025-2264 | 1 Santesoft | 1 Sante Pacs Server | 2025-04-03 | 7.5 High |
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. | ||||
CVE-2022-47747 | 1 Uber | 1 Kraken | 2025-04-03 | 7.5 High |
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | ||||
CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | 7.5 High |
NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | ||||
CVE-2022-46639 | 1 Correos | 1 Correos | 2025-04-03 | 7.5 High |
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | ||||
CVE-2022-46959 | 1 Sonic Project | 1 Sonic | 2025-04-03 | 4.3 Medium |
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | ||||
CVE-2022-25377 | 1 Appwrite | 1 Appwrite | 2025-04-03 | 7.5 High |
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.) | ||||
CVE-2006-3360 | 1 Phpsysinfo | 1 Phpsysinfo | 2025-04-03 | N/A |
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | ||||
CVE-2006-0976 | 1 Spid | 1 Spid | 2025-04-03 | N/A |
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter. | ||||
CVE-2003-1335 | 1 Kai Blankenhorn Bitfolge | 1 Simple And Nice Index File | 2025-04-03 | N/A |
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory. | ||||
CVE-2003-1545 | 2 Nukestyles, Phpnuke | 2 Viewpage, Nukestyles Viewpage Module | 2025-04-03 | N/A |
Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. | ||||
CVE-2003-1542 | 1 Ondrej Jombik | 1 Phpwebfilemanager | 2025-04-03 | N/A |
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter. | ||||
CVE-2006-0931 | 1 Pear | 1 Pear Archive Tar | 2025-04-03 | N/A |
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. |