Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3712 | 1 Zeit | 1 Serve | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. |
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution. |
| CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | ABAP File Interface in SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. |
| CVE-2018-2366 | 1 Redwood | 1 Sap Business Process Automation | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. |
| CVE-2018-2006 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008. |
| CVE-2018-25094 | 1 Kotchasan | 1 Online Accounting System | 2024-11-21 | 2.7 LOW | 3.5 LOW | A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30b ... |
| CVE-2018-25059 | 1 Pastebinit Project | 1 Pastebinit | 2024-11-21 | 2.7 LOW | 3.5 LOW | A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040. |
| CVE-2018-25048 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 12 more | 2024-11-21 | N/A | 8.8 HIGH | The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. |
| CVE-2018-20795 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. |
| CVE-2018-20794 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. |
| CVE-2018-20793 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. |
| CVE-2018-20792 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. |
| CVE-2018-20790 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. |
| CVE-2018-20789 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. |
| CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. |
| CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. |
| CVE-2018-20647 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. |
| CVE-2018-20646 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. |
| CVE-2018-20643 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20638 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20635 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20631 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. |
| CVE-2018-20630 | 1 Advance Crowdfunding Script Project | 1 Advance Crowdfunding Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20629 | 1 Charity Donation Script Project | 1 Charity Donation Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20628 | 1 Charity Foundation Script Project | 1 Charity Foundation Script | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20626 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20610 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. |
| CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of `..*` in Template/edit/path URIs, as demonstrated by the `admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html` URI to read the 1.txt file. |
| CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. |