Total: 7364 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36647 | 1 Yunohost | 1 Transmission Ynh | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. | |||||
CVE-2020-36629 | | | 2024-11-21 | N/A | 5.5 MEDIUM |
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | |||||
CVE-2020-36628 | | | 2024-11-21 | N/A | 5.5 MEDIUM |
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | |||||
CVE-2020-36488 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | |||||
CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | |||||
CVE-2020-36321 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
Improper URL validation in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder. | |||||
CVE-2020-36314 | 2 Fedoraproject, Gnome | 2 Fedora, File-roller | 2024-11-21 | 2.6 LOW | 3.9 LOW |
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | |||||
CVE-2020-36241 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome-autoar | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl' parameter. | |||||
CVE-2020-36052 | 1 1234n | 1 Minicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | |||||
CVE-2020-36051 | 1 1234n | 1 Minicms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | |||||
CVE-2020-35883 | 1 Mozwire Project | 1 Mozwire | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | |||||
CVE-2020-35762 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
bloofoxCMS 0.5.2.1 is affected by path traversal in the 'fileurl' parameter that allows attackers to read local files. | |||||
CVE-2020-35749 | 1 Presstigers | 1 Simple Board Job | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | |||||
CVE-2020-35736 | 1 Liftoffsoftware | 1 Gateone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | |||||
CVE-2020-35709 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | |||||
CVE-2020-35612 | 1 Joomla | 1 Joomla! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | |||||
CVE-2020-35598 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 | |||||
CVE-2020-35580 | 1 Searchblox | 1 Searchblox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. | |||||
CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). |