CVE-2015-2862

MEDIUM Year: 2015
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.

Related Vulnerabilities

CVE-2017-12815

CRITICAL
CVSS:10.0(Critical)

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar ...

CWE-222017

CVE-2019-18253

CRITICAL
CVSS:10.0(Critical)

An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the...

CWE-222019

CVE-2020-29495

CRITICAL
CVSS:10.0(Critical)

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, le...

CWE-222020

CVE-2022-1992

CRITICAL
CVSS:10.0(Critical)

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

CWE-222022

CVE-2023-2909

CRITICAL
CVSS:10.0(Critical)

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2...

CWE-222023

CVE-2023-6015

CRITICAL
CVSS:10.0(Critical)

MLflow allowed arbitrary files to be PUT onto the server.

CWE-222023