• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2021-37444

February 23, 2023 by

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element’s pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function.

CVE-2021-37445

February 23, 2023 by

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.

CVE-2021-37446

February 23, 2023 by

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.

CVE-2021-37447

February 23, 2023 by

In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.

CVE-2021-37469

February 23, 2023 by

In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem.

CVE-2021-37367

February 23, 2023 by

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file “bl_categories_help.php” is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 353
  • Go to page 354
  • Go to page 355
  • Go to page 356
  • Go to page 357
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE