Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12666 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | |||||
CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | |||||
CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | |||||
CVE-2019-12477 | 1 Supra | 2 Stv-lc40lt0020f, Stv-lc40lt0020f Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI. | |||||
CVE-2019-12464 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | |||||
CVE-2019-12459 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12458 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12457 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12314 | 1 Deltek | 1 Maconomy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | |||||
CVE-2019-12310 | 1 Exagrid | 2 Backup Appliance, Backup Appliance Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. | |||||
CVE-2019-12309 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. | |||||
CVE-2019-12277 | 1 Blogifier | 1 Blogifier | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. | |||||
CVE-2019-12276 | 1 Grandnode | 1 Grandnode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40. | |||||
CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | |||||
CVE-2019-12173 | 1 Macdown Project | 1 Macdown | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138. | |||||
CVE-2019-12172 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | |||||
CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | |||||
CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | |||||
CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. | |||||
CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. |