Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2097 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. | |||||
| CVE-2016-0752 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. | |||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | |||||
| CVE-2014-7829 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | |||||
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | |||||
| CVE-2016-10828 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | |||||
| CVE-2019-7859 | 1 Magento | 1 Magento | 2019-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | |||||
| CVE-2018-16858 | 1 Libreoffice | 1 Libreoffice | 2019-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | |||||
| CVE-2019-14452 | 3 Canonical, Flightcrew Project, Sigil-ebook | 3 Ubuntu Linux, Flightcrew, Sigil | 2019-08-05 | 5.0 MEDIUM | 7.5 HIGH |
| Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
| CVE-2019-13584 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2019-08-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | |||||
| CVE-2019-10265 | 1 Ahsay | 1 Cloud Backup Suite | 2019-07-31 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server. | |||||
| CVE-2019-1010205 | 1 Linagora | 1 Hublin | 2019-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request. | |||||
| CVE-2018-8780 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2019-07-21 | 7.5 HIGH | 9.1 CRITICAL |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. | |||||
| CVE-2018-6914 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2019-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. | |||||
| CVE-2019-5221 | 1 Huawei | 2 Mate 20 X, Mate 20 X Firmware | 2019-07-18 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). | |||||
| CVE-2019-3415 | 1 Zte | 2 Zxmw Nr8000, Zxmw Nr8000 Firmware | 2019-07-17 | 2.7 LOW | 5.7 MEDIUM |
| ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traversal vulnerability. Due to path traversal,users can download any files. | |||||
| CVE-2019-13396 | 1 Getflightpath | 1 Flightpath | 2019-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module. | |||||
| CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-07-17 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
| CVE-2019-12925 | 1 Mailenable | 1 Mailenable | 2019-07-16 | 6.5 MEDIUM | 8.1 HIGH |
| MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts. | |||||
| CVE-2014-6036 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2019-07-15 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. | |||||