Total
7217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2024-11-21 | N/A | 6.5 MEDIUM |
| Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | |||||
| CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2024-11-21 | N/A | 9.8 CRITICAL |
| Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | |||||
| CVE-2022-39023 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 6.5 MEDIUM |
| U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. | |||||
| CVE-2022-39022 | 1 Edetw | 1 U-office Force | 2024-11-21 | N/A | 6.5 MEDIUM |
| U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. | |||||
| CVE-2022-38794 | 1 Zaver Project | 1 Zaver | 2024-11-21 | N/A | 7.5 HIGH |
| Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | |||||
| CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2024-11-21 | N/A | 9.1 CRITICAL |
| Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | |||||
| CVE-2022-38614 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. | |||||
| CVE-2022-38613 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-11-21 | N/A | 6.5 MEDIUM |
| A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | |||||
| CVE-2022-38485 | 1 Agevolt | 1 Agevolt | 2024-11-21 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | |||||
| CVE-2022-38484 | 1 Agevolt | 1 Agevolt | 2024-11-21 | N/A | 8.8 HIGH |
| An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | |||||
| CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-38424 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38423 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 4.9 MEDIUM |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38422 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38421 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38418 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2024-11-21 | N/A | 8.8 HIGH |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 8.6 HIGH |
| In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | |||||
| CVE-2022-38202 | 1 Esri | 1 Arcgis Server | 2024-11-21 | N/A | 7.5 HIGH |
| There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). | |||||