Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8291 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. | |||||
CVE-2019-8238 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
CVE-2019-7859 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | |||||
CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | |||||
CVE-2019-7678 | 1 Enphase | 1 Envoy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | |||||
CVE-2019-7618 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user. | |||||
CVE-2019-7403 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. | |||||
CVE-2019-7387 | 1 Systrome | 6 Isg-600c, Isg-600c Firmware, Isg-600h and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter. | |||||
CVE-2019-7315 | 1 Genieaccess | 2 Wip3bvaf, Wip3bvaf Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products). | |||||
CVE-2019-7289 | 1 Apple | 1 Shortcuts | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information. | |||||
CVE-2019-7267 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | |||||
CVE-2019-7254 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Linear eMerge E3-Series devices allow File Inclusion. | |||||
CVE-2019-7253 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Linear eMerge E3-Series devices allow Directory Traversal. | |||||
CVE-2019-7237 | 2 Idreamsoft, Microsoft | 2 Icms, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | |||||
CVE-2019-7236 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. | |||||
CVE-2019-7235 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. | |||||
CVE-2019-7234 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. | |||||
CVE-2019-7227 | 1 Abb | 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware | 2024-11-21 | 4.1 MEDIUM | 7.3 HIGH |
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of the hardcoded or default credential pair exor/exor to become an authenticated attacker. | |||||
CVE-2019-7213 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories. |