Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16511 | 1 Firegiant | 1 Wix Toolset | 2019-11-04 | 5.8 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path. | |||||
| CVE-2019-17324 | 1 Clipsoft | 1 Rexpert | 2019-11-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2009-3887 | 1 Ytnef Project | 1 Ytnef | 2019-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| ytnef has directory traversal | |||||
| CVE-2005-2349 | 1 Zoo Project | 1 Zoo | 2019-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| Zoo 2.10 has Directory traversal | |||||
| CVE-2019-14450 | 1 Repetier-server | 1 Repetier-server | 2019-10-31 | 10.0 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | |||||
| CVE-2018-1002201 | 1 Jrebel | 1 Zt-zip | 2019-10-31 | 5.8 MEDIUM | 5.5 MEDIUM |
| zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||
| CVE-2019-18212 | 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project | 3 Wild Web Developer, Theia Xml Extension, Xml Server Project | 2019-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | |||||
| CVE-2019-18371 | 1 Mi | 2 Millet Router 3g, Millet Router 3g Firmware | 2019-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. | |||||
| CVE-2013-4658 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2019-10-29 | 10.0 HIGH | 9.8 CRITICAL |
| Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. | |||||
| CVE-2016-4986 | 1 Jenkins | 1 Tap | 2019-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | |||||
| CVE-2016-4987 | 1 Jenkins | 1 Image Gallery | 2019-10-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | |||||
| CVE-2019-8238 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-4400 | 1 Ibm | 1 Cloud Orchestrator | 2019-10-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. | |||||
| CVE-2019-15266 | 1 Cisco | 1 Wireless Lan Controller Software | 2019-10-22 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information. | |||||
| CVE-2019-16279 | 1 Nazgul | 1 Nostromo Nhttpd | 2019-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | |||||
| CVE-2019-14657 | 1 Yeahlink | 6 T49g, T49g Firmware, T58v and 3 more | 2019-10-18 | 9.0 HIGH | 8.8 HIGH |
| Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root. | |||||
| CVE-2010-5334 | 1 Icewarp | 1 Webclient | 2019-10-17 | 7.8 HIGH | 7.5 HIGH |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | |||||
| CVE-2019-17537 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-17 | 6.4 MEDIUM | 7.5 HIGH |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | |||||
| CVE-2019-17538 | 1 Jnoj | 1 Jiangnan Online Judge | 2019-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | |||||
| CVE-2018-1002204 | 1 Adm-zip Project | 1 Adm-zip | 2019-10-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||