Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16654 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH | 
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal. | |||||
| CVE-2019-5923 | 1 Ichain | 1 Insurance Wallet | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH | 
| Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2019-03-12 | 6.5 MEDIUM | 8.8 HIGH | 
| Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. | |||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2019-03-08 | 5.0 MEDIUM | 5.3 MEDIUM | 
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||||
| CVE-2019-9622 | 1 Ebrigade | 1 Ebrigade | 2019-03-07 | 4.0 MEDIUM | 4.3 MEDIUM | 
| eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | |||||
| CVE-2019-9610 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 4.0 MEDIUM | 4.3 MEDIUM | 
| An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. | |||||
| CVE-2019-9611 | 1 Ofcms Project | 1 Ofcms | 2019-03-07 | 4.0 MEDIUM | 6.5 MEDIUM | 
| An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java. | |||||
| CVE-2019-9607 | 1 Medical Store Script Project | 1 Medical Store Script | 2019-03-07 | 5.0 MEDIUM | 5.3 MEDIUM | 
| PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | |||||
| CVE-2018-14847 | 1 Mikrotik | 1 Routeros | 2019-03-07 | 6.4 MEDIUM | 9.1 CRITICAL | 
| MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | |||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL | 
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | |||||
| CVE-2018-0496 | 2 Debian, Dinknetwork | 3 Debian Linux, Dfarc, Dfarc2 | 2019-03-01 | 6.4 MEDIUM | 7.5 HIGH | 
| Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | |||||
| CVE-2018-9117 | 1 Wiremock | 1 Wiremock | 2019-02-27 | 5.0 MEDIUM | 5.3 MEDIUM | 
| WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | |||||
| CVE-2013-3661 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2019-02-26 | 4.9 MEDIUM | N/A | 
| The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. | |||||
| CVE-2018-20793 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 5.0 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | |||||
| CVE-2018-20794 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 5.0 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | |||||
| CVE-2018-20795 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 5.0 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | |||||
| CVE-2019-9064 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2019-02-25 | 5.0 MEDIUM | 5.3 MEDIUM | 
| PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | |||||
| CVE-2018-20789 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 6.4 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | |||||
| CVE-2018-20790 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 6.4 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | |||||
| CVE-2018-20792 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 5.0 MEDIUM | 7.5 HIGH | 
| tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the get_file action in ajax_calls.php. | |||||
