Total: 7108 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | |||||
CVE-2019-15630 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. | |||||
CVE-2019-15600 | 1 Http Server Project | 1 Http Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal exists in http_server which allows an attacker to read arbitrary system files. | |||||
CVE-2019-15596 | 1 Statics-server Project | 1 Statics-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory. | |||||
CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | |||||
CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | |||||
CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | |||||
CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | |||||
CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | |||||
CVE-2019-15326 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | |||||
CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | |||||
CVE-2019-15266 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information. | |||||
CVE-2019-15055 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. | |||||
CVE-2019-15039 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | |||||
CVE-2019-15004 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
CVE-2019-15003 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
CVE-2019-14994 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
CVE-2019-14914 | 1 Prise | 1 Adas | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | |||||
CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | |||||
CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. |