Search Results (9680 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13158 1 Articatech 1 Artica Proxy 2024-11-21 7.5 High
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
CVE-2020-13093 1 Ispyconnect 1 Agent Dvr 2024-11-21 5.3 Medium
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal.
CVE-2020-12851 1 Pydio 1 Cells 2024-11-21 8.1 High
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
CVE-2020-12832 1 Simplefilelist 1 Simple-file-list 2024-11-21 9.8 Critical
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.
CVE-2020-12827 1 Mjml 1 Mjml 2024-11-21 7.2 High
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
CVE-2020-12765 1 Solis 1 Miolo 2024-11-21 5.3 Medium
Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal.
CVE-2020-12764 1 Solis 1 Gnuteca 2024-11-21 5.3 Medium
Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.
CVE-2020-12737 1 Maxum 1 Rumpus 2024-11-21 6.5 Medium
An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server.
CVE-2020-12649 1 Gurbalib Project 1 Gurbalib 2024-11-21 7.5 High
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths.
CVE-2020-12640 2 Opensuse, Roundcube 3 Backports Sle, Leap, Webmail 2024-11-21 9.8 Critical
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVE-2020-12499 1 Phoenixcontact 1 Plcnext Engineer 2024-11-21 8.2 High
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an improper path sanitation vulnerability exists on import of project files.
CVE-2020-12479 1 Teampass 1 Teampass 2024-11-21 8.8 High
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
CVE-2020-12475 1 Tp-link 1 Omada Controller 2024-11-21 5.5 Medium
TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.
CVE-2020-12448 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
CVE-2020-12447 1 Onkyo 2 Tx-nr585, Tx-nr585 Firmware 2024-11-21 7.5 High
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.
CVE-2020-12443 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 9.8 Critical
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive.
CVE-2020-12415 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 6.5 Medium
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78.
CVE-2020-12392 3 Canonical, Mozilla, Redhat 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2024-11-21 5.5 Medium
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2020-12315 1 Intel 1 Endpoint Management Assistant 2024-11-21 9.8 Critical
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2020-12265 1 Decompress Project 1 Decompress 2024-11-21 9.8 Critical
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.