Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20463 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2019-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. | |||||
| CVE-2018-18485 | 1 Phpshe | 1 Phpshe | 2019-01-08 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock. | |||||
| CVE-2018-1000882 | 1 Webidsupport | 1 Webid | 2019-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via an HTTP GET request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | |||||
| CVE-2018-20610 | 1 Txjia | 1 Imcat | 2019-01-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | |||||
| CVE-2018-20566 | 1 Douco | 1 Douphp | 2019-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
| CVE-2018-19666 | 3 Microsoft, Ossec, Wazuh | 3 Windows, Ossec, Wazuh | 2019-01-04 | 7.2 HIGH | 7.8 HIGH |
| The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | |||||
| CVE-2017-18354 | 1 Google | 1 Rendertron | 2019-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | |||||
| CVE-2018-20094 | 1 Xuxueli | 1 Xxl-conf | 2019-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java. | |||||
| CVE-2018-20128 | 1 Usualtool | 1 Usualtoolcms | 2019-01-04 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. | |||||
| CVE-2014-2583 | 1 Linux-pam | 1 Linux-pam | 2019-01-03 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. | |||||
| CVE-2018-20064 | 1 Doorgets | 1 Doorgets | 2018-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | |||||
| CVE-2018-17785 | 1 Blynk | 1 Blynk-server | 2018-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2015-4632 | 1 Koha | 1 Koha | 2018-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. | |||||
| CVE-2018-7806 | 1 Schneider-electric | 1 Struxureware Data Center Operation | 2018-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained within the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
| CVE-2018-7807 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2018-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained within the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
| CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | |||||
| CVE-2018-12306 | 1 Asustor | 2 As602t, Data Master | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | |||||
| CVE-2018-12309 | 1 Asustor | 2 As602t, Data Master | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. | |||||
| CVE-2018-19753 | 1 Oracle | 1 Tarantella Enterprise | 2018-12-26 | 5.0 MEDIUM | 7.5 HIGH |
| Tarantella Enterprise before 3.11 allows Directory Traversal. | |||||
| CVE-2018-13322 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | |||||
