CVE-2024-28064

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-26
View all →

Vulnerability Description

Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).

Related Vulnerabilities

CVE-2024-29466

HIGH
CVSS:8.8(High)

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

CWE-262024

CVE-2021-34762

HIGH
CVSS:8.1(High)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an af...

CWE-262021

CVE-2024-29466

HIGH
CVSS:8.8(High)

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

CWE-262024

CVE-2021-34762

HIGH
CVSS:8.1(High)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an af...

CWE-262021

CVE-2021-42021

HIGH
CVSS:7.5(High)

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1...

CWE-262021

CVE-2024-31551

HIGH
CVSS:7.5(High)

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.

CWE-262024