Total: 7267 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | |||||
CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. | |||||
CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
CVE-2018-17785 | 1 Blynk | 1 Blynk-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file. | |||||
CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | |||||
CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | |||||
CVE-2018-17444 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
CVE-2018-17365 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | |||||
CVE-2018-17297 | 1 Hutool | 1 Hutool | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | |||||
CVE-2018-17180 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. | |||||
CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | |||||
CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 3.5 LOW | 3.1 LOW |
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | |||||
CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | |||||
CVE-2018-16858 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | |||||
CVE-2018-16836 | 1 Rubedo Project | 1 Rubedo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | |||||
CVE-2018-16831 | 1 Smarty | 1 Smarty | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | |||||
CVE-2018-16820 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | |||||
CVE-2018-16819 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. | |||||
CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | |||||