Total: 907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2018-11-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-17828 | 1 Zziplib Project | 1 Zziplib | 2018-11-28 | 5.8 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. | |||||
| CVE-2018-11762 | 1 Apache | 1 Tika | 2018-11-20 | 5.8 MEDIUM | 5.9 MEDIUM |
| In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | |||||
| CVE-2018-9074 | 1 Lenovo | 22 Iomega Ez Media & Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2018-11-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | |||||
| CVE-2018-16819 | 1 Monstra | 1 Monstra | 2018-11-19 | 5.5 MEDIUM | 4.9 MEDIUM |
| admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | |||||
| CVE-2018-16549 | 1 Php File Browser Script Project | 1 Php File Browser Script | 2018-11-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. | |||||
| CVE-2018-16831 | 1 Smarty | 1 Smarty | 2018-11-16 | 7.1 HIGH | 5.9 MEDIUM |
| Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | |||||
| CVE-2018-16141 | 1 Thinkcmf | 1 Thinkcmfx | 2018-11-06 | 5.5 MEDIUM | 6.5 MEDIUM |
| ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | |||||
| CVE-2018-16437 | 1 Gxlcms | 1 Gxlcms | 2018-11-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. | |||||
| CVE-2018-15536 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-01 | 5.8 MEDIUM | 5.5 MEDIUM |
| /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | |||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2018-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | |||||
| CVE-2018-15695 | 1 Asustor | 1 Data Master | 2018-10-30 | 8.5 HIGH | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | |||||
| CVE-2018-0659 | 1 Hibara | 1 Attachecase | 2018-10-30 | 5.8 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | |||||
| CVE-2018-16133 | 1 Cybrotech | 1 Cybrohttpserver | 2018-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | |||||
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2018-10-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
| CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2018-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | |||||
| CVE-2018-15141 | 1 Open-emr | 1 Openemr | 2018-10-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | |||||
| CVE-2016-7135 | 1 Plone | 1 Plone | 2018-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. | |||||
| CVE-2016-4314 | 1 Wso2 | 1 Carbon | 2018-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. | |||||
| CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2018-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | |||||
| CVE-2014-7954 | 1 Google | 1 Android | 2018-10-09 | 2.1 LOW | 4.6 MEDIUM |
| Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. | |||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2018-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | |||||
| CVE-2018-12939 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940. | |||||
| CVE-2018-1999020 | 1 Opennetworking | 1 Onos | 2018-09-20 | 5.8 MEDIUM | 5.5 MEDIUM |
| Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appears to be exploitable via a specially crafted zip file that is uploaded. | |||||
| CVE-2018-14573 | 1 Trms | 1 Tightrope Media Carousel Digital Signage | 2018-09-20 | 2.1 LOW | 5.5 MEDIUM |
| A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683. | |||||
| CVE-2018-14036 | 1 Freedesktop | 1 Accountsservice | 2018-09-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. | |||||
| CVE-2018-1000532 | 1 Beep Project | 1 Beep | 2018-08-30 | 1.9 LOW | 4.7 MEDIUM |
| beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can result in a local unprivileged user inhibiting execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable when the system allows local users to run beep. | |||||
| CVE-2018-13034 | 1 Jester Project | 1 Jester | 2018-08-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences. | |||||
| CVE-2018-7763 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. | |||||
| CVE-2018-7764 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet. | |||||
| CVE-2017-16859 | 1 Atlassian | 2 Crucible, Fisheye | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | |||||
| CVE-2018-12560 | 1 Cantata Project | 1 Cantata | 2018-08-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. | |||||
| CVE-2018-5755 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-08-03 | 7.1 HIGH | 5.5 MEDIUM |
| Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | |||||
| CVE-2018-10057 | 2 Bfgminer, Cgminer Project | 2 Bfgminer, Cgminer | 2018-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal). | |||||
| CVE-2018-8008 | 1 Apache | 1 Storm | 2018-07-20 | 5.8 MEDIUM | 5.5 MEDIUM |
| Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | |||||
| CVE-2016-6614 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 4.3 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2018-11495 | 1 Opencart | 1 Opencart | 2018-06-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. | |||||
| CVE-2018-11137 | 1 Quest | 1 Kace System Management Appliance | 2018-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. | |||||
| CVE-2018-11413 | 1 Bearadmin Project | 1 Bearadmin | 2018-06-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration. | |||||
| CVE-2018-8003 | 1 Apache | 1 Ambari | 2018-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue. | |||||
| CVE-2018-1000175 | 1 Jenkins | 1 Html Publisher | 2018-06-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | |||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2018-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | |||||
| CVE-2018-9921 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-05-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. | |||||
| CVE-2017-1723 | 1 Ibm | 3 Qradar Incident Forensics, Qradar Network Insights, Qradar Security Information And Event Manager | 2018-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812. | |||||
| CVE-2018-1000161 | 1 Nmap | 1 Nmap | 2018-05-24 | 3.5 LOW | 5.7 MEDIUM |
| nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | |||||
| CVE-2018-10176 | 1 Digitalguardian | 1 Management Console | 2018-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. | |||||
| CVE-2018-1204 | 1 Dell | 1 Emc Isilon Onefs | 2018-04-19 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. | |||||
| CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2018-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | |||||
| CVE-2018-1000083 | 1 Ajenti | 1 Ajenti | 2018-04-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending malformed JSON, to which the tool responds with a traceback error that leaks a path of the server. | |||||
| CVE-2018-7706 | 1 Securenvoy | 1 Securmail | 2018-04-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe. | |||||
