Total: 6658 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-7815 | 1 Matomo | 1 Matomo | 2019-11-21 | 7.5 HIGH | N/A | Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. |
| CVE-2010-2786 | 1 Matomo | 1 Matomo | 2019-11-21 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request. |
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile & Membership | 2019-11-20 | 6.4 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile & Membership | 2019-11-20 | 4.0 MEDIUM | 4.3 MEDIUM | Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2013-3073 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2019-11-20 | 10.0 HIGH | 9.8 CRITICAL | A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. |
| CVE-2019-3423 | 1 Ztehome | 2 C520v21, C520v21 Firmware | 2019-11-20 | 5.0 MEDIUM | 5.3 MEDIUM | A permission and access control vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access other unauthorized files or resources. |
| CVE-2019-18951 | 1 Sibsoft | 1 Xfilesharing | 2019-11-15 | 5.0 MEDIUM | 7.5 HIGH | SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. |
| CVE-2016-10039 | 1 Modx | 1 Modx Revolution | 2019-11-14 | 7.5 HIGH | 7.3 HIGH | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. |
| CVE-2016-10037 | 1 Modx | 1 Modx Revolution | 2019-11-14 | 7.5 HIGH | 7.3 HIGH | Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. |
| CVE-2019-14994 | 1 Atlassian | 1 Jira Service Desk | 2019-11-14 | 4.3 MEDIUM | 7.5 HIGH | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. |
| CVE-2019-17327 | 1 Tmaxsoft | 1 Jeus | 2019-11-13 | 6.5 MEDIUM | 7.2 HIGH | JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via an uploaded file. |
| CVE-2019-15004 | 1 Atlassian | 1 Jira Service Desk | 2019-11-13 | 4.3 MEDIUM | 7.5 HIGH | The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. |
| CVE-2019-18924 | 1 Systematic | 1 Iris Webforms | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM | Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. |
| CVE-2019-13623 | 1 Nsa | 1 Ghidra | 2019-11-12 | 6.8 MEDIUM | 7.8 HIGH | In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. |
| CVE-2014-9014 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2019-11-08 | 4.0 MEDIUM | 4.3 MEDIUM | Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2019-16876 | 1 Portainer | 1 Portainer | 2019-11-07 | 5.0 MEDIUM | 7.5 HIGH | Portainer before 1.22.1 allows Directory Traversal. |
| CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2019-11-05 | 10.0 HIGH | 9.8 CRITICAL | A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. |
| CVE-2019-12314 | 1 Deltek | 1 Maconomy | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL | Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. |
| CVE-2019-17224 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2019-11-05 | 5.0 MEDIUM | 5.3 MEDIUM | The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. |
| CVE-2019-18665 | 1 Secudos | 1 Domos | 2019-11-04 | 5.0 MEDIUM | 7.5 HIGH | The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. |
