Vulnerabilities (CVE)

Filtered by CWE-22
Total 5025 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7866 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2019-07-15 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
CVE-2014-5446 1 Zohocorp 2 Manageengine It360, Manageengine Netflow Analyzer 2019-07-15 5.0 MEDIUM N/A
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2014-5445 1 Zohocorp 2 Manageengine It360, Manageengine Netflow Analyzer 2019-07-15 5.0 MEDIUM N/A
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
CVE-2014-3578 1 Pivotal Software 1 Spring Framework 2019-07-13 5.0 MEDIUM N/A
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2012-3865 2 Puppet, Puppetlabs 3 Puppet, Puppet Enterprise, Puppet 2019-07-10 3.5 LOW N/A
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.
CVE-2019-10717 1 Dotnetblogengine 1 Blogengine.net 2019-07-10 5.5 MEDIUM 7.1 HIGH
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
CVE-2011-3848 2 Puppet, Puppetlabs 2 Puppet, Puppet 2019-07-10 5.0 MEDIUM N/A
Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.
CVE-2015-5065 1 Intelligent-it 1 Paypal Currency Converter Basic For Woocommerce 2019-07-03 5.0 MEDIUM N/A
Absolute path traversal vulnerability in proxy.php in the Google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
CVE-2019-7253 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2019-07-03 7.5 HIGH 9.8 CRITICAL
Linear eMerge E3-Series devices allow Directory Traversal.
CVE-2018-14918 1 Loytec 2 Lgate-902, Lgate-902 Firmware 2019-07-03 7.8 HIGH 7.5 HIGH
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
CVE-2019-12276 1 Grandnode 1 Grandnode 2019-06-24 5.0 MEDIUM 7.5 HIGH
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
CVE-2018-16594 1 Sony 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more 2019-06-24 4.8 MEDIUM 8.1 HIGH
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.
CVE-2015-4031 1 Visualmining 1 Netcharts Server 2019-06-24 10.0 HIGH N/A
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2019-10719 1 Dotnetblogengine 1 Blogengine.net 2019-06-23 6.5 MEDIUM 8.8 HIGH
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
CVE-2017-9386 1 Getvera 4 Veraedge, Veraedge Firmware, Veralite and 1 more 2019-06-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly, which allows an attacker to traverse outside the /cmh-ext folder and read any file on the device. The "cmh-ext" folder must first be created on the device, which an attacker can do in an unauthenticated fashion before carrying out the directory traversal attack.
CVE-2018-20092 1 Ptc 1 Thingworx Platform 2019-06-20 5.0 MEDIUM 7.5 HIGH
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.
CVE-2019-10257 1 Zucchetti 1 Hr Portal 2019-06-20 5.0 MEDIUM 7.5 HIGH
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's Java sources from /WEB-INF/classes/*.class.
CVE-2017-9382 1 Getvera 4 Veraedge, Veraedge Firmware, Veralite and 1 more 2019-06-20 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the URL "/port_3480". It seems that the UPnP services provide "file" as one of the service actions for a normal user to read a file that is stored under the /etc/cmh-lu folder. It retrieves the value from the "parameters" query string variable and then passes it to an internal function, "FileUtils::ReadFileIntoBuffer", a library function that does not perform any sanitization on the value submitted. This allows an attacker to use directory traversal characters "../" and read files from other folders within the device.
CVE-2019-7315 1 Genieaccess 2 Wip3bvaf, Wip3bvaf Firmware 2019-06-20 5.0 MEDIUM 7.5 HIGH
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).
CVE-2018-18863 1 Ngahr 1 Resourcelink 2019-06-19 4.0 MEDIUM 6.5 MEDIUM
NGA ResourceLink 20.0.2.1 allows local file inclusion.