Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18636 | 1 Esafenet | 1 Cdg | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. | |||||
| CVE-2019-9281 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-32748076 | |||||
| CVE-2010-0467 | 2 Chillcreations, Joomla | 2 Com Ccnewsletter, Joomla! | 2019-09-27 | 5.0 MEDIUM | 5.8 MEDIUM |
| Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | |||||
| CVE-2015-9406 | 1 Mtheme-unus Project | 1 Mtheme-unus | 2019-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. | |||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2019-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. | |||||
| CVE-2019-16903 | 1 Plutinosoft | 1 Platinum | 2019-09-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServer.cpp because it checks for /.. where it should be checking for ../ instead. | |||||
| CVE-2019-16868 | 1 Emlog | 1 Emlog | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | |||||
| CVE-2019-16679 | 1 Gilacms | 1 Gila Cms | 2019-09-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | |||||
| CVE-2019-13063 | 1 Sahipro | 1 Sahi Pro | 2019-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. | |||||
| CVE-2010-0287 | 1 Dokuwiki | 1 Dokuwiki | 2019-09-23 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. | |||||
| CVE-2019-11327 | 1 Topcon | 2 Net-g5, Net-g5 Firmware | 2019-09-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system. | |||||
| CVE-2014-10397 | 1 Para | 1 Antioch | 2019-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. | |||||
| CVE-2019-14914 | 1 Prise | 1 Adas | 2019-09-23 | 7.5 HIGH | 9.1 CRITICAL |
| An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | |||||
| CVE-2016-10977 | 1 Neliosoftware | 1 Nelio Ab Testing | 2019-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. | |||||
| CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2019-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | |||||
| CVE-2016-10965 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2019-09-17 | 6.4 MEDIUM | 7.5 HIGH |
| The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | |||||
| CVE-2019-5956 | 1 Wondercms | 1 Wondercms | 2019-09-13 | 7.5 HIGH | 6.5 MEDIUM |
| Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2019-6783 | 1 Gitlab | 1 Gitlab | 2019-09-10 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | |||||
| CVE-2019-12464 | 1 Librenms | 1 Librenms | 2019-09-10 | 6.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | |||||
| CVE-2019-16132 | 1 Phpok | 1 Oklite | 2019-09-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | |||||
