Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13944 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module With Firmware Variant Dnp3 Tcp, En100 Ethernet Module With Firmware Variant Iec104 and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-13635 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | |||||
| CVE-2019-13623 | 1 Nsa | 1 Ghidra | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. | |||||
| CVE-2019-13584 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | |||||
| CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
| CVE-2019-13532 | 1 Codesys | 13 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | |||||
| CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | |||||
| CVE-2019-13396 | 1 Getflightpath | 1 Flightpath | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module. | |||||
| CVE-2019-13385 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | |||||
| CVE-2019-13343 | 1 Butor | 1 Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename. | |||||
| CVE-2019-13241 | 2 Canonical, Flightcrew Project | 2 Ubuntu Linux, Flightcrew | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
| CVE-2019-13237 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. | |||||
| CVE-2019-13195 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | |||||
| CVE-2019-13157 | 1 Naver | 1 Vaccine | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive. | |||||
| CVE-2019-13063 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. | |||||
| CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
| CVE-2019-12925 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts. | |||||
| CVE-2019-12901 | 1 Pydio | 1 Cells | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation. | |||||
| CVE-2019-12791 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. | |||||
| CVE-2019-12704 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information. | |||||