Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7807 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2018-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
| CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2018-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | |||||
| CVE-2018-12306 | 1 Asustor | 2 As602t, Data Master | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | |||||
| CVE-2018-12309 | 1 Asustor | 2 As602t, Data Master | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. | |||||
| CVE-2018-19753 | 1 Oracle | 1 Tarantella Enterprise | 2018-12-26 | 5.0 MEDIUM | 7.5 HIGH |
| Tarantella Enterprise before 3.11 allows Directory Traversal. | |||||
| CVE-2018-13322 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | |||||
| CVE-2018-19748 | 1 Sdcms | 1 Sdcms | 2018-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). | |||||
| CVE-2018-12314 | 1 Asustor | 2 As602t, Data Master | 2018-12-21 | 7.8 HIGH | 7.5 HIGH |
| Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | |||||
| CVE-2018-13332 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | |||||
| CVE-2018-14707 | 1 Drobo | 2 5n2, 5n2 Firmware | 2018-12-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | |||||
| CVE-2018-7102 | 1 Hp | 1 Intelligent Management Center | 2018-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification. | |||||
| CVE-2018-14957 | 1 Isweb | 1 Isweb | 2018-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | |||||
| CVE-2018-0693 | 1 Soliton | 1 Filezen | 2018-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | |||||
| CVE-2018-19326 | 1 Zyxel | 2 Vmg1312-b10d, Vmg1312-b10d Firmware | 2018-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. | |||||
| CVE-2015-7254 | 1 Huawei | 3 Hg532e, Hg532n, Hg532s | 2018-12-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||||
| CVE-2018-0673 | 1 Cybozu | 1 Garoon | 2018-12-14 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2018-12-13 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port. | |||||
| CVE-2018-9445 | 1 Google | 1 Android | 2018-12-12 | 7.2 HIGH | 6.8 MEDIUM |
| In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | |||||
| CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2018-12-12 | 8.5 HIGH | 6.5 MEDIUM |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | |||||
| CVE-2018-19181 | 1 Yunucms | 1 Yunucms | 2018-12-12 | 6.4 MEDIUM | 7.5 HIGH |
| statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | |||||
