Search Results (522 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-20160 1 Flitto 1 Express-param 2024-11-21 6.3 Medium
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.
CVE-2017-0918 2 Debian, Gitlab 2 Debian Linux, Gitlab 2024-11-21 N/A
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
CVE-2024-11309 1 Trcore 1 Dvc 2024-11-20 7.5 High
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-11310 1 Trcore 1 Dvc 2024-11-20 7.5 High
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-11311 1 Trcore 1 Dvc 2024-11-20 9.8 Critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11312 1 Trcore 1 Dvc 2024-11-20 9.8 Critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11313 1 Trcore 1 Dvc 2024-11-20 9.8 Critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11314 1 Trcore 1 Dvc 2024-11-20 9.8 Critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-11315 1 Trcore 1 Dvc 2024-11-20 9.8 Critical
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
CVE-2024-6985 2 Lollms, Parisneo 2 Lollms, Lollms 2024-11-15 4.4 Medium
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
CVE-2024-47769 2 Idurar Project, Idurarapp 2 Idurar, Idurar 2024-11-13 7.5 High
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location.
CVE-2024-10200 1 Wellchoose 1 Administrative Management System 2024-10-24 7.5 High
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
CVE-2024-9923 1 Teamplus 1 Team\+ Pro 2024-10-24 4.9 Medium
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
CVE-2024-9922 1 Teamplus 2 Team\+, Team\+ Pro 2024-10-24 7.5 High
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-9983 1 Ragic 1 Enterprise Cloud Database 2024-10-16 7.5 High
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-47949 1 Jetbrains 1 Teamcity 2024-10-11 4.9 Medium
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
CVE-2024-47948 1 Jetbrains 1 Teamcity 2024-10-11 4.9 Medium
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVE-2024-47651 1 Shilpi 1 Client Dashboard 2024-10-10 6.5 Medium
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.
CVE-2024-20449 1 Cisco 2 Data Center Network Manager, Nexus Dashboard Fabric Controller 2024-10-08 8.8 High
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.
CVE-2024-7693 2 Raidenmaild, Team Johnlong 2 Raidenmaild, Raiden Maild Remote Management System 2024-09-06 7.5 High
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server.