Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2019-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | |||||
| CVE-2019-15518 | 1 Swoole | 1 Swoole | 2019-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | |||||
| CVE-2019-9648 | 1 Coreftp | 1 Core Ftp | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | |||||
| CVE-2019-9649 | 1 Coreftp | 1 Core Ftp | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | |||||
| CVE-2016-10924 | 1 Zedna Ebook Download Project | 1 Zedna Ebook Download | 2019-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The ebook-download plugin before 1.2 for WordPress has directory traversal. | |||||
| CVE-2017-18585 | 1 Ivycat | 1 Posts In Page | 2019-08-23 | 5.5 MEDIUM | 8.1 HIGH |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. | |||||
| CVE-2019-15326 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | |||||
| CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2019-08-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in 20\|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | |||||
| CVE-2019-14312 | 1 Aptana | 1 Jaxer | 2019-08-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. | |||||
| CVE-2018-8741 | 2 Debian, Squirrelmail | 2 Debian Linux, Squirrelmail | 2019-08-15 | 6.5 MEDIUM | 8.8 HIGH |
| A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. | |||||
| CVE-2019-10352 | 1 Jenkins | 1 Jenkins | 2019-08-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | |||||
| CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2019-08-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | |||||
| CVE-2019-12143 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | |||||
| CVE-2019-14362 | 1 Openbravo | 1 Openbravo Erp | 2019-08-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. | |||||
| CVE-2019-14701 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. | |||||
| CVE-2019-14700 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists. | |||||
| CVE-2019-14521 | 1 Emca | 1 Energy Logserver | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. | |||||
| CVE-2019-13635 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-08-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | |||||
| CVE-2016-6795 | 1 Apache | 1 Struts | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | |||||
| CVE-2019-11508 | 1 Pulsesecure | 1 Pulse Connect Secure | 2019-08-09 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | |||||
