Vulnerabilities (CVE)

Filtered by CWE-22
Total 6658 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2019-7105 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2019-05-24 | 10.0 HIGH | 9.8 CRITICAL
Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-1854 | 1 Cisco | 1 Telepresence Video Communication Server | 2019-05-20 | 4.0 MEDIUM | 4.3 MEDIUM
A vulnerability in the management web interface of Cisco Expressway Series could allow an authenticated, remote attacker to perform a directory traversal attack against an affected device. The vulnerability is due to insufficient input validation on the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to bypass security restrictions and access the web interface of a Cisco Unified Communications Manager associated with the affected device. Valid credentials would still be required to access the Cisco Unified Communications Manager interface.
CVE-2019-5936 | 1 Cybozu | 1 Garoon | 2019-05-20 | 5.5 MEDIUM | 5.4 MEDIUM
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
CVE-2018-17180 | 1 Open-emr | 1 Openemr | 2019-05-20 | 5.0 MEDIUM | 5.3 MEDIUM
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
CVE-2015-9287 | 1 Cam | 1 The University Of Cambridge Web Authentication System Apache Authentication Agent | 2019-05-20 | 5.0 MEDIUM | 9.8 CRITICAL
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.
CVE-2019-8925 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2019-05-17 | 4.0 MEDIUM | 4.3 MEDIUM
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
CVE-2018-6885 | 1 Microstrategy | 1 Web Services | 2019-05-17 | 5.0 MEDIUM | 9.8 CRITICAL
An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component.
CVE-2019-12138 | 1 Macdown Project | 1 Macdown | 2019-05-16 | 4.6 MEDIUM | 7.8 HIGH
MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
CVE-2019-8952 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2019-05-16 | 4.0 MEDIUM | 6.5 MEDIUM
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032).
CVE-2019-9726 | 1 Eq-3 | 2 Ccu3, Ccu3 Firmware | 2019-05-14 | 5.0 MEDIUM | 7.5 HIGH
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
CVE-2012-6652 | 1 Page Flip Book Project | 1 Page Flip Book | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
CVE-2018-12298 | 1 Seagate | 1 Nas Os | 2019-05-13 | 5.0 MEDIUM | 7.5 HIGH
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.
CVE-2019-11082 | 1 Dkpro-core Project | 1 Dkpro-core | 2019-05-10 | 6.4 MEDIUM | 7.5 HIGH
core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive.
CVE-2017-17108 | 1 Konakart | 1 Konakart | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL
Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server.
CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2019-05-09 | 6.4 MEDIUM | 9.1 CRITICAL
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
CVE-2018-1000406 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
CVE-2018-1000997 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation.
CVE-2019-7387 | 1 Systrome | 6 Isg-600c, Isg-600c Firmware, Isg-600h and 3 more | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter.
CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2019-05-07 | 7.5 HIGH | 9.8 CRITICAL
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."
CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2019-05-03 | 10.0 HIGH | 9.8 CRITICAL
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.