Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monitor | 2019-02-01 | 7.8 HIGH | 7.5 HIGH | 
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | |||||
| CVE-2018-19040 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM | 
| The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-19042 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM | 
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2018-19043 | 1 Media File Manager Project | 1 Media File Manager | 2019-02-01 | 5.0 MEDIUM | 5.3 MEDIUM | 
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. | |||||
| CVE-2019-7235 | 1 Idreamsoft | 1 Icms | 2019-01-31 | 6.4 MEDIUM | 7.5 HIGH | 
| An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. | |||||
| CVE-2018-20303 | 1 Gogs | 1 Gogs | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH | 
| In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | |||||
| CVE-2019-7237 | 2 Idreamsoft, Microsoft | 2 Icms, Windows | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH | 
| An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | |||||
| CVE-2019-7236 | 1 Idreamsoft | 1 Icms | 2019-01-31 | 5.0 MEDIUM | 7.5 HIGH | 
| An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. | |||||
| CVE-2018-15706 | 1 Advantech | 1 Webaccess | 2019-01-30 | 6.8 MEDIUM | 6.5 MEDIUM | 
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | |||||
| CVE-2018-9459 | 1 Google | 1 Android | 2019-01-30 | 6.8 MEDIUM | 8.8 HIGH | 
| In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | |||||
| CVE-2018-15490 | 2 Expressvpn, Microsoft | 2 Expressvpn, Windows | 2019-01-30 | 6.6 MEDIUM | 7.1 HIGH | 
| An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service. | |||||
| CVE-2018-18713 | 1 Phpyun | 1 Phpyun | 2019-01-28 | 5.0 MEDIUM | 7.5 HIGH | 
| The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | |||||
| CVE-2019-3580 | 1 Openrefine | 1 Openrefine | 2019-01-25 | 5.0 MEDIUM | 7.5 HIGH | 
| OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. | |||||
| CVE-2018-7431 | 1 Splunk | 1 Splunk | 2019-01-25 | 4.0 MEDIUM | 6.5 MEDIUM | 
| Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-19197 | 1 Xiaocms | 1 Xiaocms | 2019-01-23 | 5.5 MEDIUM | 4.9 MEDIUM | 
| An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. | |||||
| CVE-2018-10822 | 1 D-link | 16 Dir-140l, Dir-140l Firmware, Dir-640l and 13 more | 2019-01-23 | 5.0 MEDIUM | 7.5 HIGH | 
| Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190. | |||||
| CVE-2019-5887 | 1 Shopxo | 1 Shopxo | 2019-01-18 | 6.4 MEDIUM | 7.5 HIGH | 
| An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal. | |||||
| CVE-2015-9277 | 1 Mailenable | 1 Mailenable | 2019-01-17 | 7.5 HIGH | 9.1 CRITICAL | 
| MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled. | |||||
| CVE-2018-0705 | 1 Cybozu | 1 Dezie | 2019-01-15 | 7.5 HIGH | 9.1 CRITICAL | 
| Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. | |||||
| CVE-2018-0704 | 1 Cybozu | 1 Office | 2019-01-15 | 6.4 MEDIUM | 7.5 HIGH | 
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | |||||
