CVE-2024-1708

Public exploit
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
Max CVSS
8.4
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-02-22

CVE-2023-49294

Public exploit
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Max CVSS
7.5
EPSS Score
0.10%
Published
2023-12-14
Updated
2023-12-29

CVE-2023-46455

Public exploit
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-12
Updated
2023-12-14

CVE-2023-37607

Public exploit
Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.16%
Published
2024-01-03
Updated
2024-01-09

CVE-2023-32315

Known exploited
Public exploit
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
Max CVSS
8.6
EPSS Score
97.38%
Published
2023-05-26
Updated
2023-07-21
CISA KEV Added
2023-08-24

CVE-2023-30451

Public exploit
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-12-25
Updated
2024-01-03

CVE-2023-26469

Public exploit
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
Max CVSS
9.8
EPSS Score
94.37%
Published
2023-08-17
Updated
2023-08-23

CVE-2023-2825

Public exploit
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
Max CVSS
10.0
EPSS Score
9.13%
Published
2023-05-26
Updated
2023-05-29

CVE-2022-41352

Known exploited
Public exploit
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Max CVSS
9.8
EPSS Score
95.69%
Published
2022-09-26
Updated
2024-02-01
CISA KEV Added
2022-10-20

CVE-2022-37042

Known exploited
Public exploit
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Max CVSS
9.8
EPSS Score
97.54%
Published
2022-08-12
Updated
2022-10-28
CISA KEV Added
2022-08-11

CVE-2022-35919

Public exploit
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.
Max CVSS
7.4
EPSS Score
0.25%
Published
2022-08-01
Updated
2023-10-10

CVE-2022-31706

Public exploit
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Max CVSS
9.8
EPSS Score
0.73%
Published
2023-01-26
Updated
2023-09-11

CVE-2022-30333

Known exploited
Public exploit
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Max CVSS
7.5
EPSS Score
88.00%
Published
2022-05-09
Updated
2023-09-17
CISA KEV Added
2022-08-09

CVE-2022-29806

Public exploit
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Max CVSS
9.8
EPSS Score
38.40%
Published
2022-04-26
Updated
2022-05-06

CVE-2022-29464

Known exploited
Public exploit
Used for ransomware
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Max CVSS
10.0
EPSS Score
97.15%
Published
2022-04-18
Updated
2023-10-23
CISA KEV Added
2022-04-25

CVE-2022-27925

Known exploited
Public exploit
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Max CVSS
7.2
EPSS Score
96.50%
Published
2022-04-21
Updated
2022-10-28
CISA KEV Added
2022-08-11

CVE-2022-26352

Known exploited
Public exploit
Used for ransomware
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Max CVSS
9.8
EPSS Score
97.53%
Published
2022-07-17
Updated
2022-07-25
CISA KEV Added
2022-08-25

CVE-2022-24716

Public exploit
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Max CVSS
7.5
EPSS Score
25.38%
Published
2022-03-08
Updated
2023-04-10

CVE-2021-43798

Public exploit
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Max CVSS
7.5
EPSS Score
97.47%
Published
2021-12-07
Updated
2022-04-12

CVE-2021-42013

Known exploited
Public exploit
Used for ransomware
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
Max CVSS
9.8
EPSS Score
97.39%
Published
2021-10-07
Updated
2023-08-31
CISA KEV Added
2021-11-03

CVE-2021-41773

Known exploited
Public exploit
Used for ransomware
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Max CVSS
7.5
EPSS Score
97.46%
Published
2021-10-05
Updated
2022-10-28
CISA KEV Added
2021-11-03

CVE-2021-40444

Known exploited
Public exploit
Used for ransomware
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p> <p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p> <p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p> <p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p> <p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
Max CVSS
8.8
EPSS Score
96.94%
Published
2021-09-15
Updated
2023-12-28
CISA KEV Added
2021-11-03

CVE-2021-37343

Public exploit
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
Max CVSS
8.8
EPSS Score
48.46%
Published
2021-08-13
Updated
2022-02-22

CVE-2021-32682

Public exploit
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
Max CVSS
9.8
EPSS Score
97.31%
Published
2021-06-14
Updated
2022-11-09

CVE-2021-31207

Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Security Feature Bypass Vulnerability
Max CVSS
7.2
EPSS Score
97.13%
Published
2021-05-11
Updated
2023-08-02
CISA KEV Added
2021-11-03
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!