Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18713 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | |||||
CVE-2018-18703 | 1 Phptpoint | 1 Mailing Server Using File Handling | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. | |||||
CVE-2018-18593 | 1 Hp | 1 Ucmdb Configuration Manager | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, versions 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information. | |||||
CVE-2018-18586 | 1 Kyzer | 1 Libmspack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application. | |||||
CVE-2018-18576 | 1 Incsub | 1 Hustle | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | |||||
CVE-2018-18552 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. | |||||
CVE-2018-18485 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock. | |||||
CVE-2018-18434 | 1 Litemall Project | 1 Litemall | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component. | |||||
CVE-2018-18323 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | |||||
CVE-2018-18257 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. | |||||
CVE-2018-17934 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | |||||
CVE-2018-17899 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
LAquis SCADA versions 4.1.0.3870 and prior have a path traversal vulnerability, which may allow remote code execution. | |||||
CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | |||||
CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | |||||
CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. | |||||
CVE-2018-17828 | 1 Zziplib Project | 1 Zziplib | 2024-11-21 | 5.8 MEDIUM | 5.5 MEDIUM |
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. | |||||
CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
CVE-2018-17785 | 1 Blynk | 1 Blynk-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file. | |||||
CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. |