| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-35883 |
22 |
|
Dir. Trav. |
2020-12-31 |
2021-01-07 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. |
|
2 |
CVE-2020-35736 |
22 |
|
Dir. Trav. |
2020-12-27 |
2020-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. |
|
3 |
CVE-2020-35709 |
22 |
|
Dir. Trav. |
2020-12-25 |
2021-06-09 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. |
|
4 |
CVE-2020-35612 |
22 |
|
Dir. Trav. |
2020-12-28 |
2020-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. |
|
5 |
CVE-2020-35598 |
22 |
|
Dir. Trav. |
2020-12-23 |
2021-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 |
|
6 |
CVE-2020-35460 |
22 |
|
Dir. Trav. |
2020-12-14 |
2021-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. |
|
7 |
CVE-2020-35362 |
22 |
|
Dir. Trav. |
2020-12-26 |
2020-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). |
|
8 |
CVE-2020-35284 |
22 |
|
Dir. Trav. |
2020-12-26 |
2020-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. |
|
9 |
CVE-2020-35176 |
22 |
|
Dir. Trav. |
2020-12-12 |
2021-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. |
|
10 |
CVE-2020-29600 |
22 |
|
Dir. Trav. |
2020-12-07 |
2021-03-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501. |
|
11 |
CVE-2020-29529 |
22 |
|
Dir. Trav. Bypass |
2020-12-03 |
2021-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. |
|
12 |
CVE-2020-29373 |
22 |
|
Dir. Trav. |
2020-11-28 |
2020-12-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. |
|
13 |
CVE-2020-28993 |
22 |
|
Dir. Trav. |
2020-12-01 |
2020-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request. |
|
14 |
CVE-2020-28574 |
22 |
|
Dir. Trav. |
2020-11-18 |
2020-12-02 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. |
|
15 |
CVE-2020-28348 |
22 |
|
Dir. Trav. |
2020-11-24 |
2020-12-04 |
6.3 |
None |
Remote |
Medium |
??? |
Complete |
None |
None |
|
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. |
|
16 |
CVE-2020-28187 |
22 |
|
Dir. Trav. |
2020-12-24 |
2020-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. |
|
17 |
CVE-2020-27993 |
22 |
|
Dir. Trav. |
2020-10-29 |
2020-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. |
|
18 |
CVE-2020-27896 |
22 |
|
Dir. Trav. |
2020-12-08 |
2020-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system. |
|
19 |
CVE-2020-27730 |
22 |
|
Dir. Trav. |
2020-12-11 |
2021-01-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. |
|
20 |
CVE-2020-27553 |
22 |
|
Dir. Trav. |
2020-11-17 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability. |
|
21 |
CVE-2020-27534 |
22 |
|
Dir. Trav. |
2020-12-30 |
2021-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. |
|
22 |
CVE-2020-27385 |
|
|
Dir. Trav. |
2020-11-12 |
2020-11-30 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor. |
|
23 |
CVE-2020-27130 |
|
|
Dir. Trav. |
2020-11-17 |
2020-11-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. |
|
24 |
CVE-2020-27128 |
22 |
|
Dir. Trav. |
2020-11-06 |
2020-11-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. |
|
25 |
CVE-2020-26837 |
22 |
|
Dir. Trav. |
2020-12-09 |
2020-12-10 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. |
|
26 |
CVE-2020-26603 |
22 |
|
Dir. Trav. |
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). |
|
27 |
CVE-2020-26405 |
22 |
|
Dir. Trav. |
2020-11-17 |
2020-12-01 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. |
|
28 |
CVE-2020-26078 |
22 |
|
Dir. Trav. |
2020-11-18 |
2020-11-25 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. |
|
29 |
CVE-2020-25985 |
22 |
|
Dir. Trav. |
2020-10-07 |
2020-10-07 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted). |
|
30 |
CVE-2020-25780 |
22 |
|
Dir. Trav. |
2020-10-29 |
2020-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. |
|
31 |
CVE-2020-25734 |
22 |
|
Dir. Trav. |
2020-09-18 |
2020-09-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
webTareas through 2.1 allows files/Default/ Directory Listing. |
|
32 |
CVE-2020-25623 |
22 |
|
Dir. Trav. |
2020-10-02 |
2020-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. |
|
33 |
CVE-2020-25617 |
22 |
|
Exec Code Dir. Trav. |
2020-12-16 |
2020-12-18 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root. |
|
34 |
CVE-2020-25540 |
22 |
|
Dir. Trav. |
2020-09-14 |
2020-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter. |
|
35 |
CVE-2020-25248 |
22 |
|
Dir. Trav. |
2020-09-11 |
2020-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. |
|
36 |
CVE-2020-25247 |
22 |
|
Dir. Trav. |
2020-09-11 |
2020-10-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. |
|
37 |
CVE-2020-25149 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. |
|
38 |
CVE-2020-25145 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. |
|
39 |
CVE-2020-25144 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. |
|
40 |
CVE-2020-25136 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. |
|
41 |
CVE-2020-25134 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. |
|
42 |
CVE-2020-25133 |
22 |
|
Exec Code Dir. Trav. File Inclusion |
2020-09-25 |
2020-09-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. |
|
43 |
CVE-2020-25074 |
22 |
|
Exec Code Dir. Trav. |
2020-11-10 |
2020-11-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. |
|
44 |
CVE-2020-25068 |
22 |
|
Dir. Trav. File Inclusion |
2020-09-03 |
2020-11-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. Furthermore, they indicated that they detected this problem in an internal audit more than 3 years ago and fixed it in 2017. |
|
45 |
CVE-2020-25032 |
1188 |
|
Dir. Trav. |
2020-08-31 |
2020-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. |
|
46 |
CVE-2020-24990 |
22 |
|
Dir. Trav. |
2020-10-28 |
2020-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. |
|
47 |
CVE-2020-24626 |
22 |
|
Exec Code Dir. Trav. |
2020-09-23 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
|
48 |
CVE-2020-24625 |
22 |
|
Dir. Trav. |
2020-09-23 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
|
49 |
CVE-2020-24624 |
22 |
|
Dir. Trav. |
2020-09-23 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
|
50 |
CVE-2020-24621 |
22 |
|
Exec Code Dir. Trav. |
2020-09-25 |
2020-10-05 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. |
