Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4654 | 1 Tp-link | 4 Tl-1043nd, Tl-1043nd Firmware, Tl-wdr4300 and 1 more | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | |||||
| CVE-2013-4656 | 1 Asus | 4 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 1 more | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | |||||
| CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2019-11-24 | 5.5 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | |||||
| CVE-2019-10765 | 1 Iobroker | 1 Iobroker.admin | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| iobroker.admin before 3.6.12 allows an attacker to include file contents from outside the `/log/file1/` directory. | |||||
| CVE-2015-7815 | 1 Matomo | 1 Matomo | 2019-11-21 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | |||||
| CVE-2010-2786 | 1 Matomo | 1 Matomo | 2019-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request. | |||||
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile & Membership | 2019-11-20 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile & Membership | 2019-11-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3073 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2019-11-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | |||||
| CVE-2019-3423 | 1 Ztehome | 2 C520v21, C520v21 Firmware | 2019-11-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A permission and access control vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access other unauthorized files or resources. | |||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2019-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | |||||
| CVE-2019-18951 | 1 Sibsoft | 1 Xfilesharing | 2019-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | |||||
| CVE-2016-10039 | 1 Modx | 1 Modx Revolution | 2019-11-14 | 7.5 HIGH | 7.3 HIGH |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | |||||
| CVE-2016-10037 | 1 Modx | 1 Modx Revolution | 2019-11-14 | 7.5 HIGH | 7.3 HIGH |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | |||||
| CVE-2019-14994 | 1 Atlassian | 1 Jira Service Desk | 2019-11-14 | 4.3 MEDIUM | 7.5 HIGH |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
| CVE-2019-17327 | 1 Tmaxsoft | 1 Jeus | 2019-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| JEUS 7 Fix#0~5 and JEUS 8 Fix#0~1 versions contain a directory traversal vulnerability caused by an improper input parameter check when uploading an installation file in the administration web page. This allows a remote attacker to execute arbitrary code via the uploaded file. | |||||
| CVE-2019-15004 | 1 Atlassian | 1 Jira Service Desk | 2019-11-13 | 4.3 MEDIUM | 7.5 HIGH |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
| CVE-2019-18924 | 1 Systematic | 1 Iris Webforms | 2019-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. | |||||
| CVE-2019-13623 | 1 Nsa | 1 Ghidra | 2019-11-12 | 6.8 MEDIUM | 7.8 HIGH |
| In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. | |||||
| CVE-2014-9014 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2019-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter. | |||||
