Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-7296 | 1 Eq-3 | 2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. |
| CVE-2018-7212 | 2 Microsoft, Sinatrarb | 2 Windows, Sinatra | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. |
| CVE-2018-7172 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM | In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. |
| CVE-2018-7171 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. |
| CVE-2018-7102 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. |
| CVE-2018-7098 | 1 Hp | 1 3par Service Provider | 2024-11-21 | 3.6 LOW | 8.4 HIGH | A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. |
| CVE-2018-7092 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. |
| CVE-2018-6914 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. |
| CVE-2018-6885 | 1 Microstrategy | 1 Web Services | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. (This includes the credentials to access the admin dashboard which may lead to RCE.) The path traversal is located in a SOAP request in the web service component. |
| CVE-2018-6830 | 1 Foscam | 64 C1, C1 Firmware, C1 Lite and 61 more | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1. ... |
| CVE-2018-6810 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. |
| CVE-2018-6677 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL | Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. |
| CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.0 MEDIUM | 6.2 MEDIUM | Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. |
| CVE-2018-6500 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. |
| CVE-2018-6409 | 1 Machform | 1 Machform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. |
| CVE-2018-6397 | 1 Joomlacalendars | 1 Picture Calendar | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. |
| CVE-2018-6356 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be d ... |
| CVE-2018-6184 | 1 Zeit | 1 Next.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. |
| CVE-2018-6022 | 1 5none | 1 Nonecms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. |
| CVE-2018-5997 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. |
| CVE-2018-5755 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM | Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. |
| CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. |
| CVE-2018-5445 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. |
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. |
| CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. |
| CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. |
| CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. |
| CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. |
| CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. |
| CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. |
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulner ... |
| CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. |
| CVE-2018-3822 | 1 Elastic | 1 X-pack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. |
| CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. |
| CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading the local files. |
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. |
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. |
| CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. |
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. |