Vulnerabilities (CVE)

Filtered by CWE-22
Total 6016 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28993 2024-07-17 N/A 7.6 HIGH
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23475 2024-07-17 N/A 9.6 CRITICAL
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23474 2024-07-17 N/A 7.6 HIGH
The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability.
CVE-2024-23472 2024-07-17 N/A 9.6 CRITICAL
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM.
CVE-2024-23468 2024-07-17 N/A 7.6 HIGH
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information.
CVE-2024-23467 2024-07-17 N/A 9.6 CRITICAL
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.
CVE-2024-23466 2024-07-17 N/A 9.6 CRITICAL
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2015-4068 1 Arcserve 1 Udp 2024-07-16 9.4 HIGH 9.1 CRITICAL
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
CVE-2015-3035 1 Tp-link 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more 2024-07-16 7.8 HIGH 7.5 HIGH
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
CVE-2014-0130 2 Redhat, Rubyonrails 3 Enterprise Linux Server, Subscription Asset Manager, Rails 2024-07-16 4.3 MEDIUM 7.5 HIGH
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
CVE-2016-0752 5 Debian, Opensuse, Redhat and 2 more 6 Debian Linux, Leap, Opensuse and 3 more 2024-07-16 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVE-2010-2861 1 Adobe 1 Coldfusion 2024-07-16 7.5 HIGH 9.8 CRITICAL
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
CVE-2022-21999 1 Microsoft 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more 2024-07-16 4.6 MEDIUM 7.8 HIGH
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-39741 1 Ibm 2 Datacap, Datacap Navigator 2024-07-16 N/A 5.3 MEDIUM
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 296010.
CVE-2024-39918 2024-07-16 N/A 4.3 MEDIUM
@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-39171 1 Phpvibe 1 Phpvibe 2024-07-12 N/A 9.8 CRITICAL
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
CVE-2024-2602 1 Schneider-electric 1 Foxrtu Station 2024-07-12 N/A 7.8 HIGH
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.
CVE-2024-38716 2024-07-12 N/A 6.5 MEDIUM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Blue Plugins Events Calendar for Google allows PHP Local File Inclusion.This issue affects Events Calendar for Google: from n/a through 2.1.0.
CVE-2024-37928 2024-07-12 N/A 8.6 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.This issue affects Jobmonster: from n/a through 4.7.0.
CVE-2024-37932 2024-07-12 N/A 8.6 HIGH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.