Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10965 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2019-09-17 | 6.4 MEDIUM | 7.5 HIGH |
| The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | |||||
| CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2019-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | |||||
| CVE-2019-5956 | 1 Wondercms | 1 Wondercms | 2019-09-13 | 7.5 HIGH | 6.5 MEDIUM |
| Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2019-6783 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | |||||
| CVE-2019-12464 | 1 Librenms | 1 Librenms | 2019-09-10 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | |||||
| CVE-2019-16132 | 1 Phpok | 1 Oklite | 2019-09-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | |||||
| CVE-2011-1572 | 1 Gitolite | 1 Gitolite | 2019-09-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands. | |||||
| CVE-2019-16105 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2019-09-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | |||||
| CVE-2019-15952 | 1 Totaljs | 1 Total.js Cms | 2019-09-06 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension. | |||||
| CVE-2019-15630 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2019-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. | |||||
| CVE-2019-15714 | 1 Entropic Project | 1 Entropic | 2019-09-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. | |||||
| CVE-2019-6113 | 1 Onkyo | 2 Tx-nr686, Tx-nr686 Firmware | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | |||||
| CVE-2019-15822 | 1 Wpserveur | 1 Wps Child Theme Generator | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | |||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | |||||
| CVE-2019-11029 | 1 Mirasys | 1 Mirasys Vms | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality. | |||||
| CVE-2017-18586 | 1 Insert Pages Project | 1 Insert Pages | 2019-08-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | |||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | |||||
| CVE-2019-12791 | 1 Vestacp | 1 Control Panel | 2019-08-28 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. | |||||
| CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2019-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | |||||
| CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2019-08-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | |||||
