Total: 5025 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15694 | 1 Asustor | 1 Data Master | 2018-10-30 | 6.0 MEDIUM | 7.5 HIGH |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. | |||||
| CVE-2018-15695 | 1 Asustor | 1 Data Master | 2018-10-30 | 8.5 HIGH | 6.5 MEDIUM |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | |||||
| CVE-2018-0659 | 1 Hibara | 1 Attachecase | 2018-10-30 | 5.8 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | |||||
| CVE-2018-0660 | 1 Hibara | 1 Attachecase | 2018-10-30 | 4.3 MEDIUM | 3.3 LOW |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. | |||||
| CVE-2018-16518 | 1 Primx | 2 Zed!, Zed! Free | 2018-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. | |||||
| CVE-2018-1000659 | 1 Limesurvey | 1 Limesurvey | 2018-10-26 | 6.5 MEDIUM | 8.8 HIGH |
| LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable by an authenticated user who uploads a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. | |||||
| CVE-2018-16446 | 1 Seamcms | 1 Seacms | 2018-10-24 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. | |||||
| CVE-2018-14007 | 1 Citrix | 1 Xenserver | 2018-10-23 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix XenServer 7.1 and newer allows Directory Traversal. | |||||
| CVE-2018-11720 | 1 Xovis | 6 Pc2, Pc2 Firmware, Pc2r and 3 more | 2018-10-22 | 5.0 MEDIUM | 7.5 HIGH |
| Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. | |||||
| CVE-2018-16133 | 1 Cybrotech | 1 Cybrohttpserver | 2018-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | |||||
| CVE-2018-16237 | 1 Damicms | 1 Damicms | 2018-10-19 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | |||||
| CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | |||||
| CVE-2005-4600 | 1 Moxiecode | 1 Tinymce Compressor Php | 2018-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter. | |||||
| CVE-2005-3548 | 1 Invision Power Services | 1 Invision Board | 2018-10-19 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. (dot dot) in the "Task PHP File To Run" field. | |||||
| CVE-2005-2619 | 2 Autonomy, Ibm | 4 Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk and 1 more | 2018-10-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. | |||||
| CVE-2005-2378 | 1 Oracle | 1 Reports | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU. | |||||
| CVE-2005-2371 | 1 Oracle | 1 Reports | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289. | |||||
| CVE-2005-1918 | 2 Gnu, Redhat | 4 Tar, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2018-10-19 | 2.6 LOW | N/A |
| The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | |||||
| CVE-2004-2747 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2018-10-19 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | |||||
| CVE-2004-2745 | 1 Anteco Visual Technologies | 1 Ownserver | 2018-10-19 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
