Total: 6658 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16299 | 1 Localize My Post Project | 1 Localize My Post | 2018-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. | |||||
| CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2018-11-23 | 3.5 LOW | 3.1 LOW |
| Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | |||||
| CVE-2018-9074 | 1 Lenovo | 22 Iomega Ez Media & Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2018-11-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | |||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 6.5 MEDIUM | 8.8 HIGH |
| An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | |||||
| CVE-2018-16819 | 1 Monstra | 1 Monstra | 2018-11-19 | 5.5 MEDIUM | 4.9 MEDIUM |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | |||||
| CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2018-11-19 | 6.4 MEDIUM | 7.5 HIGH |
| CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | |||||
| CVE-2018-16549 | 1 Php File Browser Script Project | 1 Php File Browser Script | 2018-11-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. | |||||
| CVE-2018-16831 | 1 Smarty | 1 Smarty | 2018-11-16 | 7.1 HIGH | 5.9 MEDIUM |
| Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | |||||
| CVE-2011-4596 | 1 Openstack | 1 Nova | 2018-11-16 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. | |||||
| CVE-2018-16283 | 1 Wechat Brodcast Project | 1 Wechat Brodcast | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | |||||
| CVE-2018-16344 | 1 Zzcms | 1 Zzcms | 2018-11-13 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-16820 | 1 Monstra | 1 Monstra | 2018-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | |||||
| CVE-2018-16141 | 1 Thinkcmf | 1 Thinkcmfx | 2018-11-06 | 5.5 MEDIUM | 6.5 MEDIUM |
| ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | |||||
| CVE-2018-0646 | 1 Ponsoftware | 1 Explzh | 2018-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-15810 | 1 Visiology | 1 Flipbox | 2018-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | |||||
| CVE-2018-16437 | 1 Gxlcms | 1 Gxlcms | 2018-11-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. | |||||
| CVE-2018-16320 | 1 Idreamsoft | 1 Icms | 2018-11-02 | 6.5 MEDIUM | 7.2 HIGH |
| idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | |||||
| CVE-2018-15536 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-01 | 5.8 MEDIUM | 5.5 MEDIUM |
| /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | |||||
| CVE-2008-4067 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2018-11-01 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. | |||||
| CVE-2008-4068 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. | |||||
