Total: 6231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | |||||
CVE-2019-12477 | 1 Supra | 2 Stv-lc40lt0020f, Stv-lc40lt0020f Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI. | |||||
CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
CVE-2019-14701 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. | |||||
CVE-2019-5480 | 1 Statichttpserver Project | 1 Statichttpserver | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. | |||||
CVE-2019-1142 | 1 Microsoft | 7 .net Framework, Windows 10, Windows 8.1 and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | |||||
CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | |||||
CVE-2019-11826 | 1 Synology | 1 Moments | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | |||||
CVE-2019-14322 | 2 Microsoft, Palletsprojects | 2 Windows, Werkzeug | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | |||||
CVE-2019-14530 | 1 Open-emr | 1 Openemr | 2024-02-04 | 6.0 MEDIUM | 8.8 HIGH |
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. | |||||
CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | |||||
CVE-2019-9854 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | |||||
CVE-2019-7227 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-02-04 | 4.1 MEDIUM | 7.3 HIGH |
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. | |||||
CVE-2019-13237 | 1 Alkacon | 1 Opencms Apollo Template | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. | |||||
CVE-2019-3415 | 1 Zte | 2 Zxmw Nr8000, Zxmw Nr8000 Firmware | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by a path traversal vulnerability. Due to path traversal, users can download any files. | |||||
CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | |||||
CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | |||||
CVE-2018-16594 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | |||||
CVE-2019-10038 | 1 Evernote | 1 Evernote | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | |||||
CVE-2018-14918 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. |