Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20354 | 1 Pisignage | 1 Pisignage | 2020-01-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download. | |||||
| CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | |||||
| CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2020-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | |||||
| CVE-2019-15980 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
| CVE-2019-15981 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
| CVE-2019-15982 | 1 Cisco | 1 Data Center Network Manager | 2020-01-08 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
| CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM |
| Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | |||||
| CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM |
| Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | |||||
| CVE-2019-19088 | 1 Gitlab | 1 Gitlab | 2020-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | |||||
| CVE-2019-6022 | 1 Cybozu | 1 Office | 2019-12-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | |||||
| CVE-2010-3692 | 1 Apereo | 1 Phpcas | 2019-12-30 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter. | |||||
| CVE-2019-15596 | 1 Statics-server Project | 1 Statics-server | 2019-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal exists in all versions of statics-server that allows an attacker to perform a path traversal when a symlink is used within the working directory. | |||||
| CVE-2019-15600 | 1 Http Server Project | 1 Http Server | 2019-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal exists in http_server which allows an attacker to read arbitrary system files. | |||||
| CVE-2019-19848 | 1 Typo3 | 1 Typo3 | 2019-12-23 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) | |||||
| CVE-2019-19731 | 1 Roxyfileman | 1 Roxy Fileman | 2019-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded). | |||||
| CVE-2019-16680 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, File-roller and 1 more | 2019-12-20 | 2.6 LOW | 4.3 MEDIUM |
| An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. | |||||
| CVE-2019-19845 | 1 Joomla | 1 Joomla! | 2019-12-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. | |||||
| CVE-2019-16758 | 1 Lexmark | 2 Services Monitor, Services Monitor Firmware | 2019-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system. | |||||
| CVE-2019-5251 | 1 Huawei | 18 Enjoy 7s, Enjoy 7s Firmware, Honor 20s and 15 more | 2019-12-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. | |||||
| CVE-2019-14251 | 1 Temenos | 1 T24 | 2019-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters. | |||||
