Security Vulnerabilities, CVEs, (Directory traversal)
CVE-2024-1708
Public exploit
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker
the ability to execute remote code or directly impact confidential data or critical systems.
Max CVSS
8.4
EPSS Score
0.05%
Published
2024-02-21
Updated
2024-02-22
CVE-2023-49294
Public exploit
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
Max CVSS
7.5
EPSS Score
0.10%
Published
2023-12-14
Updated
2023-12-29
CVE-2023-46455
Public exploit
In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-12
Updated
2023-12-14
CVE-2023-37607
Public exploit
Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.16%
Published
2024-01-03
Updated
2024-01-09
CVE-2023-32315
Known exploited
Public exploit
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.
Max CVSS
8.6
EPSS Score
97.38%
Published
2023-05-26
Updated
2023-07-21
CISA KEV Added
2023-08-24
CVE-2023-30451
Public exploit
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF].
Max CVSS
4.9
EPSS Score
0.05%
Published
2023-12-25
Updated
2024-01-03
CVE-2023-26469
Public exploit
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
Max CVSS
9.8
EPSS Score
94.37%
Published
2023-08-17
Updated
2023-08-23
CVE-2023-2825
Public exploit
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
Max CVSS
10.0
EPSS Score
9.13%
Published
2023-05-26
Updated
2023-05-29
CVE-2022-41352
Known exploited
Public exploit
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Max CVSS
9.8
EPSS Score
95.69%
Published
2022-09-26
Updated
2024-02-01
CISA KEV Added
2022-10-20
CVE-2022-37042
Known exploited
Public exploit
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Max CVSS
9.8
EPSS Score
97.54%
Published
2022-08-12
Updated
2022-10-28
CISA KEV Added
2022-08-11
CVE-2022-35919
Public exploit
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.
Max CVSS
7.4
EPSS Score
0.25%
Published
2022-08-01
Updated
2023-10-10
CVE-2022-31706
Public exploit
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Max CVSS
9.8
EPSS Score
0.73%
Published
2023-01-26
Updated
2023-09-11
CVE-2022-30333
Known exploited
Public exploit
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Max CVSS
7.5
EPSS Score
88.00%
Published
2022-05-09
Updated
2023-09-17
CISA KEV Added
2022-08-09
CVE-2022-29806
Public exploit
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
Max CVSS
9.8
EPSS Score
38.40%
Published
2022-04-26
Updated
2022-05-06
CVE-2022-29464
Known exploited
Public exploit
Used for ransomware
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Max CVSS
10.0
EPSS Score
97.15%
Published
2022-04-18
Updated
2023-10-23
CISA KEV Added
2022-04-25
CVE-2022-27925
Known exploited
Public exploit
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Max CVSS
7.2
EPSS Score
96.50%
Published
2022-04-21
Updated
2022-10-28
CISA KEV Added
2022-08-11
CVE-2022-26352
Known exploited
Public exploit
Used for ransomware
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Max CVSS
9.8
EPSS Score
97.53%
Published
2022-07-17
Updated
2022-07-25
CISA KEV Added
2022-08-25
CVE-2022-24716
Public exploit
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
Max CVSS
7.5
EPSS Score
25.38%
Published
2022-03-08
Updated
2023-04-10
CVE-2021-43798
Public exploit
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Max CVSS
7.5
EPSS Score
97.47%
Published
2021-12-07
Updated
2022-04-12
CVE-2021-42013
Known exploited
Public exploit
Used for ransomware
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
Max CVSS
9.8
EPSS Score
97.39%
Published
2021-10-07
Updated
2023-08-31
CISA KEV Added
2021-11-03
CVE-2021-41773
Known exploited
Public exploit
Used for ransomware
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Max CVSS
7.5
EPSS Score
97.46%
Published
2021-10-05
Updated
2022-10-28
CISA KEV Added
2021-11-03
CVE-2021-40444
Known exploited
Public exploit
Used for ransomware
<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.</p>
<p>An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Microsoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: “Suspicious Cpl File Execution”.</p>
<p>Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.</p>
<p>Please see the <strong>Mitigations</strong> and <strong>Workaround</strong> sections for important information about steps you can take to protect your system from this vulnerability.</p>
<p><strong>UPDATE</strong> September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.</p>
Max CVSS
8.8
EPSS Score
96.94%
Published
2021-09-15
Updated
2023-12-28
CISA KEV Added
2021-11-03
CVE-2021-37343
Public exploit
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
Max CVSS
8.8
EPSS Score
48.46%
Published
2021-08-13
Updated
2022-02-22
CVE-2021-32682
Public exploit
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
Max CVSS
9.8
EPSS Score
97.31%
Published
2021-06-14
Updated
2022-11-09
CVE-2021-31207
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Security Feature Bypass Vulnerability
Max CVSS
7.2
EPSS Score
97.13%
Published
2021-05-11
Updated
2023-08-02
CISA KEV Added
2021-11-03
7180 vulnerabilities found
1
2
3
4
5
6 ......
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288