Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9470 | 1 Ionadas | 1 History Collection | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter. | |||||
| CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2019-10-16 | 7.8 HIGH | 7.5 HIGH |
| IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files. | |||||
| CVE-2015-9463 | 1 S3bubble | 1 S3bubble-amazon-s3-audio-streaming | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | |||||
| CVE-2015-9464 | 1 S3bubble | 1 S3bubble-amazon-s3-html-5-video-with-adverts | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | |||||
| CVE-2015-9473 | 1 Estrutura-basica Project | 1 Estrutura-basica | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. | |||||
| CVE-2018-16202 | 1 Ionicframework | 1 Ionic Web View | 2019-10-15 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. | |||||
| CVE-2015-9480 | 1 Robot-cpa | 1 Robotcpa | 2019-10-15 | 5.0 MEDIUM | 7.5 HIGH |
| The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. | |||||
| CVE-2019-17187 | 1 Fiberhome | 2 Hg2201t, Hg2201t Firmware | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. | |||||
| CVE-2019-17399 | 1 Joomlashack | 1 Shack Forms Pro | 2019-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | |||||
| CVE-2019-17199 | 2 Microsoft, Webpagetest | 2 Windows, Webpagetest | 2019-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. | |||||
| CVE-2019-5416 | 1 Localhost-now Project | 1 Localhost-now | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. | |||||
| CVE-2019-5423 | 1 Http-live-simulator Project | 1 Http-live-simulator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. | |||||
| CVE-2019-5480 | 1 Statichttpserver Project | 1 Statichttpserver | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. | |||||
| CVE-2019-1765 | 1 Cisco | 8 Ip Conference Phone 8832, Ip Conference Phone 8832 Firmware, Ip Phone 8800 and 5 more | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. | |||||
| CVE-2019-1835 | 1 Cisco | 14 Aironet 1542d, Aironet 1542i, Aironet 1562d and 11 more | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected. | |||||
| CVE-2019-1717 | 1 Cisco | 1 Video Surveillance Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information. | |||||
| CVE-2019-12666 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | |||||
| CVE-2019-13343 | 1 Butor | 1 Portal | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename. | |||||
| CVE-2019-13532 | 1 Codesys | 13 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 10 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | |||||
| CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | |||||