Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17899 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution.
|
|||||
| CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring.
|
|||||
| CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring.
|
|||||
| CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload.
|
|||||
| CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
|
|||||
| CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
|
|||||
| CVE-2018-17785 | 1 Blynk | 1 Blynk-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
|
|||||
| CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.
|
|||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
|
|||||
| CVE-2018-17444 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
|
|||||
| CVE-2018-17365 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
|
|||||
| CVE-2018-17297 | 1 Hutool | 1 Hutool | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
|
|||||
| CVE-2018-17180 | 1 Open-emr | 1 Openemr | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php.
|
|||||
| CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
|
|||||
| CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 3.5 LOW | 3.1 LOW |
|
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
|
|||||
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
|
|||||
| CVE-2018-16874 | 4 Debian, Golang, Opensuse and 1 more | 5 Debian Linux, Go, Backports Sle and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.
|
|||||
| CVE-2018-16858 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
|
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
|
|||||
| CVE-2018-16836 | 1 Rubedo Project | 1 Rubedo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.
|
|||||
| CVE-2018-16831 | 1 Smarty | 1 Smarty | 2024-11-21 | 7.1 HIGH | 5.9 MEDIUM |
|
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
|
|||||
| CVE-2018-16820 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
|
|||||
| CVE-2018-16819 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
|
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.
|
|||||
| CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
|
|||||
| CVE-2018-16739 | 1 Abus | 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.
|
|||||
| CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
|
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
|
|||||
| CVE-2018-16594 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.
|
|||||
| CVE-2018-16549 | 1 Php File Browser Script Project | 1 Php File Browser Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter.
|
|||||
| CVE-2018-16518 | 1 Primx | 2 Zed\!, Zed\! Free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
|
|||||
| CVE-2018-16493 | 1 Static-resource-server Project | 1 Static-resource-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.
|
|||||
| CVE-2018-16485 | 1 M-server Project | 1 M-server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
|
|||||
| CVE-2018-16482 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.
|
|||||
| CVE-2018-16479 | 1 Http-live-simulator Project | 1 Http-live-simulator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.
|
|||||
| CVE-2018-16478 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.
|
|||||
| CVE-2018-16475 | 1 Knight Project | 1 Knight | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
|
|||||
| CVE-2018-16473 | 1 Takeapeek Project | 1 Takeapeek | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
|
|||||
| CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.
|
|||||
| CVE-2018-16446 | 1 Seamcms | 1 Seacms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
|
|||||
| CVE-2018-16437 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator.
|
|||||
| CVE-2018-16367 | 1 Qduoj | 1 Onlinejudge | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
|
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
|
|||||
| CVE-2018-16344 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
|
|||||