Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18338 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context. | |||||
| CVE-2019-18253 | 1 Hitachienergy | 2 Relion 670, Relion 670 Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | |||||
| CVE-2019-18212 | 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project | 3 Wild Web Developer, Theia Xml Extension, Xml Server Project | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | |||||
| CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | |||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | |||||
| CVE-2019-17640 | 1 Eclipse | 1 Vert.x | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. | |||||
| CVE-2019-17572 | 1 Apache | 1 Rocketmq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. | |||||
| CVE-2019-17538 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | |||||
| CVE-2019-17537 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | |||||
| CVE-2019-17406 | 1 Nokia | 1 Impact | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | |||||
| CVE-2019-17404 | 1 Nokia | 1 Impact | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nokia IMPACT < 18A: allows full path disclosure | |||||
| CVE-2019-17399 | 1 Joomlashack | 1 Shack Forms Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | |||||
| CVE-2019-17327 | 1 Tmaxsoft | 1 Jeus | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file. | |||||
| CVE-2019-17324 | 1 Clipsoft | 1 Rexpert | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2019-17322 | 1 Clipsoft | 1 Rexpert | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
| CVE-2019-17314 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. | |||||
| CVE-2019-17313 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. | |||||
| CVE-2019-17312 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. | |||||
| CVE-2019-17311 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | |||||
| CVE-2019-17224 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. | |||||