Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-11082 | 1 Dkpro-core Project | 1 Dkpro-core | 2019-05-10 | 6.4 MEDIUM | 7.5 HIGH | core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive. |
| CVE-2017-17108 | 1 Konakart | 1 Konakart | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL | Path traversal vulnerability in the administrative panel in KonaKart eCommerce Platform version 8.7 and earlier could allow an attacker to download system files, as well as upload specially crafted JSP files and in turn gain access to the server. |
| CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2019-05-09 | 6.4 MEDIUM | 9.1 CRITICAL | IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
| CVE-2018-1000997 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM | A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. |
| CVE-2018-1000406 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM | A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. |
| CVE-2019-7387 | 1 Systrome | 6 Isg-600c, Isg-600c Firmware, Isg-600h and 3 more | 2019-05-08 | 4.0 MEDIUM | 6.5 MEDIUM | A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter. |
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2019-05-07 | 7.5 HIGH | 9.8 CRITICAL | Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." |
| CVE-2019-0191 | 1 Apache | 1 Karaf | 2019-05-06 | 4.0 MEDIUM | 6.5 MEDIUM | The Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. The severity of this vulnerability is low if the Karaf process user has limited permissions on the filesystem. Any Apache Karaf release prior to 4.2.3 is impacted. |
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2019-05-03 | 10.0 HIGH | 9.8 CRITICAL | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. |
| CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2019-05-03 | 7.5 HIGH | 9.1 CRITICAL | A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. |
| CVE-2017-1000028 | 1 Oracle | 1 Glassfish Server | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH | Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal, which can be exploited by issuing a specially crafted HTTP GET request. |
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. |
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2019-05-02 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. |
| CVE-2019-7213 | 1 Smartertools | 1 Smartermail | 2019-04-30 | 5.5 MEDIUM | 6.5 MEDIUM | SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server, for instance by putting files inside the web directories. |
| CVE-2015-5079 | 1 Blackcat-cms | 1 Blackcat Cms | 2019-04-29 | 5.0 MEDIUM | 7.5 HIGH | Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. |
| CVE-2019-11515 | 1 Gilacms | 1 Gila Cms | 2019-04-26 | 4.0 MEDIUM | 4.9 MEDIUM | core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. |
| CVE-2018-10862 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Virtualization and 1 more | 2019-04-26 | 4.9 MEDIUM | 5.5 MEDIUM | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. |
| CVE-2008-3277 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2019-04-22 | 4.4 MEDIUM | N/A | Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. |
| CVE-2019-9005 | 1 Cprime | 1 Power Scripts | 2019-04-19 | 6.8 MEDIUM | 6.5 MEDIUM | The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. |
| CVE-2019-10945 | 1 Joomla | 1 Joomla! | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. |
