Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2018-09-24 | 6.4 MEDIUM | 7.5 HIGH |
| HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | |||||
| CVE-2018-10860 | 3 Canonical, Debian, Perl-archive-zip Project | 3 Ubuntu Linux, Debian Linux, Perl-archive-zip | 2018-09-23 | 6.4 MEDIUM | 7.5 HIGH |
| perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | |||||
| CVE-2018-0617 | 1 Chama | 1 Memocgi | 2018-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-14371 | 1 Eclipse | 1 Mojarra | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | |||||
| CVE-2018-11543 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2018-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | |||||
| CVE-2018-1000623 | 1 Jfrog | 1 Artifactory | 2018-09-11 | 6.5 MEDIUM | 7.2 HIGH |
| JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. | |||||
| CVE-2018-6830 | 1 Foscam | 64 C1, C1 Firmware, C1 Lite and 61 more | 2018-09-10 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component. | |||||
| CVE-2018-1000208 | 1 Modx | 1 Modx Revolution | 2018-09-07 | 6.4 MEDIUM | 7.5 HIGH |
| MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | |||||
| CVE-2016-10726 | 1 Duraspace | 1 Dspace | 2018-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. | |||||
| CVE-2013-3001 | 1 Ibm | 1 Infosphere Data Replication Dashboard | 2018-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127. | |||||
| CVE-2018-7771 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-28 | 6.0 MEDIUM | 8.0 HIGH |
| The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. | |||||
| CVE-2018-10956 | 3 Ipconfigure, Linux, Microsoft | 3 Orchid Core Vms, Linux Kernel, Windows | 2018-08-27 | 5.0 MEDIUM | 7.5 HIGH |
| IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. | |||||
| CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2018-08-24 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment." | |||||
| CVE-2018-7669 | 1 Sitecore | 1 Sitecore.net | 2018-08-11 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack. | |||||
| CVE-2018-12559 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. | |||||
| CVE-2018-12631 | 1 Redatam | 1 Redatam | 2018-08-10 | 5.0 MEDIUM | 7.5 HIGH |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | |||||
| CVE-2018-8727 | 1 Mirasys | 1 Dvms Workstation | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. | |||||
| CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2018-07-27 | 6.8 MEDIUM | 7.8 HIGH |
| OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | |||||
| CVE-2017-16038 | 1 F2e-server Project | 1 F2e-server | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run. | |||||
| CVE-2017-16198 | 1 Ritp Project | 1 Ritp | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible. | |||||
| CVE-2016-9878 | 1 Pivotal Software | 1 Spring Framework | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | |||||
| CVE-2018-12042 | 1 Roxyfileman | 1 Roxy Fileman | 2018-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. | |||||
| CVE-2018-12053 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-07-17 | 6.4 MEDIUM | 7.5 HIGH |
| Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | |||||
| CVE-2018-12054 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2018-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | |||||
| CVE-2018-11494 | 1 Opencart | 1 Opencart | 2018-06-29 | 6.0 MEDIUM | 8.0 HIGH |
| The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | |||||
| CVE-2018-10357 | 1 Trendmicro | 1 Endpoint Application Control | 2018-06-26 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. | |||||
| CVE-2018-7933 | 1 Huawei | 4 Hirouter-cd20, Hirouter-cd20 Firmware, Ws5200 and 1 more | 2018-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation. | |||||
| CVE-2015-1503 | 1 Icewarp | 1 Mail Server | 2018-06-12 | 7.8 HIGH | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php. | |||||
| CVE-2017-18263 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2018-06-05 | 5.0 MEDIUM | 7.5 HIGH |
| Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | |||||
| CVE-2018-10122 | 1 Chanzhi | 1 Chanzhi | 2018-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php. | |||||
| CVE-2018-9118 | 1 99robots | 1 Wp Background Takeover Advertisements | 2018-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter. | |||||
| CVE-2014-2069 | 1 Eshtery.she7ata | 1 Eshtery Cms | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx. | |||||
| CVE-2018-9205 | 1 Drupal | 1 Avatar Uploader | 2018-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | |||||
| CVE-2015-8235 | 1 Call-cc | 1 Spiffy | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Spiffy before 5.4. | |||||
| CVE-2018-9851 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | |||||
| CVE-2017-3163 | 1 Apache | 1 Solr | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. | |||||
| CVE-2018-10201 | 1 Ncomputing | 1 Vspace Pro | 2018-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667. | |||||
| CVE-2018-9850 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-14 | 6.4 MEDIUM | 7.5 HIGH |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. | |||||
| CVE-2018-9331 | 1 Zzcms | 1 Zzcms | 2018-05-10 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2016-8207 | 1 Brocade | 1 Network Advisor | 2018-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | |||||
| CVE-2016-8206 | 1 Brocade | 1 Network Advisor | 2018-05-10 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | |||||
| CVE-2018-8909 | 1 Wire | 1 Wire | 2018-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. | |||||
| CVE-2018-7171 | 1 Lynxtechnology | 1 Twonky Server | 2018-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. | |||||
| CVE-2018-1211 | 1 Dell | 2 Emc Idrac7, Emc Idrac8 | 2018-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. | |||||
| CVE-2014-2674 | 1 Ajax-pagination Project | 1 Ajax-pagination | 2018-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-3626 | 1 Grails | 1 Resources | 2018-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed. | |||||
| CVE-2018-7719 | 2 Acrolinx, Microsoft | 2 Acrolinx Server, Windows | 2018-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | |||||
| CVE-2018-8968 | 1 Zzcms | 1 Zzcms | 2018-04-17 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8969 | 1 Zzcms | 1 Zzcms | 2018-04-17 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8965 | 1 Zzcms | 1 Zzcms | 2018-04-17 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||