Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7160 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | |||||
| CVE-2019-7106 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7105 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7007 | 1 Avaya | 1 Aura Conferencing | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | |||||
| CVE-2019-6783 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | |||||
| CVE-2019-6754 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407. | |||||
| CVE-2019-6726 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. | |||||
| CVE-2019-6714 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. | |||||
| CVE-2019-6500 | 1 Axway | 1 File Tranfer Direct | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | |||||
| CVE-2019-6274 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | |||||
| CVE-2019-6273 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | |||||
| CVE-2019-6240 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. | |||||
| CVE-2019-6113 | 1 Onkyo | 2 Tx-nr686, Tx-nr686 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | |||||
| CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2024-11-21 | 5.8 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | |||||
| CVE-2019-6022 | 1 Cybozu | 1 Office | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | |||||
| CVE-2019-5956 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2019-5936 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'. | |||||
| CVE-2019-5927 | 1 Weban | 1 An | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2019-5923 | 1 Ichain | 1 Insurance Wallet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2019-5910 | 1 Housegate | 1 House Gate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||