Search
Total
502 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0426 | 1 Cisco | 6 Rv110w Firmware, Rv110w Wireless-n Vpn Firewall, Rv130w and 3 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information. | |||||
| CVE-2018-10589 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-0258 | 1 Cisco | 2 Prime Data Center Network Manager, Prime Infrastructure | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | |||||
| CVE-2017-9664 | 1 Abb | 4 Srea-01, Srea-01 Firmware, Srea-50 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization. | |||||
| CVE-2017-16720 | 1 Advantech | 1 Webaccess | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. | |||||
| CVE-2017-5219 | 1 Sagecrm | 1 Sagecrm | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided in zip file will be extracted onto the filesystem. In this case, a web shell with the filename '..\WWWRoot\CustomPages\aspshell.asp' was included within the zip file that, when extracted, traversed back out of the inf directory and into the SageCRM webroot. This permitted remote interaction with the underlying filesystem with the highest privilege level, SYSTEM. | |||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | |||||
| CVE-2018-10824 | 1 D-link | 16 Dir-140l, Dir-140l Firmware, Dir-640l and 13 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access. | |||||
| CVE-2017-5539 | 1 B2evolution | 1 B2evolution | 2019-10-03 | 9.0 HIGH | 9.1 CRITICAL |
| The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. | |||||
| CVE-2019-16868 | 1 Emlog | 1 Emlog | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | |||||
| CVE-2019-14914 | 1 Prise | 1 Adas | 2019-09-23 | 7.5 HIGH | 9.1 CRITICAL |
| An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | |||||
| CVE-2019-15822 | 1 Wpserveur | 1 Wps Child Theme Generator | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | |||||
| CVE-2019-9852 | 3 Debian, Fedoraproject, Libreoffice | 3 Debian Linux, Fedora, Libreoffice | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2019-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | |||||
| CVE-2017-18586 | 1 Insert Pages Project | 1 Insert Pages | 2019-08-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | |||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. | |||||
| CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2019-08-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | |||||
| CVE-2019-13635 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-08-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | |||||
| CVE-2016-6795 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | |||||
| CVE-2018-16858 | 1 Libreoffice | 1 Libreoffice | 2019-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | |||||
| CVE-2018-8780 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2019-07-21 | 7.5 HIGH | 9.1 CRITICAL |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. | |||||
| CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-07-17 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
| CVE-2019-7253 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-07-03 | 7.5 HIGH | 9.8 CRITICAL |
| Linear eMerge E3-Series devices allow Directory Traversal. | |||||
| CVE-2019-6714 | 1 Blogengine | 1 Blogengine.net | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. | |||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | |||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2019-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | |||||
| CVE-2019-8385 | 1 Thomsonreuters | 2 Concourse Matter Room, Firm Central Desktop | 2019-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution. | |||||
| CVE-2019-5356 | 1 Hp | 1 Intelligent Management Center | 2019-06-06 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-12310 | 1 Exagrid | 2 Backup Appliance, Backup Appliance Firmware | 2019-06-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. | |||||
| CVE-2019-3397 | 1 Atlassian | 1 Bitbucket | 2019-06-03 | 9.0 HIGH | 9.1 CRITICAL |
| Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool. | |||||
| CVE-2019-9106 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2019-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | |||||
| CVE-2016-10759 | 1 Precurio | 1 Precurio | 2019-05-30 | 7.5 HIGH | 9.8 CRITICAL |
| The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. | |||||
| CVE-2019-7106 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2019-05-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7105 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2019-05-24 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2015-9287 | 1 Cam | 1 The University Of Cambridge Web Authentication System Apache Authentication Agent | 2019-05-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location. | |||||
| CVE-2018-6885 | 1 Microstrategy | 1 Web Services | 2019-05-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component. | |||||
| CVE-2012-6652 | 1 Page Flip Book Project | 1 Page Flip Book | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter. | |||||
| CVE-2017-17108 | 1 Konakart | 1 Konakart | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server. | |||||
| CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2019-05-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. | |||||
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2019-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | |||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2019-05-03 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | |||||
| CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2019-05-03 | 7.5 HIGH | 9.1 CRITICAL |
| A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | |||||
| CVE-2019-10945 | 1 Joomla | 1 Joomla\! | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | |||||
| CVE-2018-19586 | 1 Silverpeas | 1 Silverpeas | 2019-04-11 | 9.0 HIGH | 9.9 CRITICAL |
| Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. | |||||
| CVE-2018-14847 | 1 Mikrotik | 1 Routeros | 2019-03-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | |||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | |||||
| CVE-2019-9015 | 1 Mopcms | 1 Mopcms | 2019-02-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site. | |||||
| CVE-2019-7678 | 1 Enphase | 1 Envoy | 2019-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | |||||
| CVE-2019-7234 | 1 Idreamsoft | 1 Icms | 2019-02-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | |||||
| CVE-2019-7160 | 1 Idreamsoft | 1 Icms | 2019-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | |||||