Total: 7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | |||||
CVE-2018-15138 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | |||||
CVE-2018-14957 | 1 Isweb | 1 Isweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take control of the application because credentials are present in that config.php file). | |||||
CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | |||||
CVE-2018-14927 | 1 Matera | 1 Banco | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | |||||
CVE-2018-14918 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | |||||
CVE-2018-14912 | 2 Cgit Project, Debian | 2 Cgit, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | |||||
CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | |||||
CVE-2018-14795 | 1 Emerson | 1 Deltav | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation, which may allow an attacker to replace executable files. | |||||
CVE-2018-14707 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | |||||
CVE-2018-14672 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | |||||
CVE-2018-14654 | 2 Debian, Redhat | 6 Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization and 3 more | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | |||||
CVE-2018-14573 | 1 Trms | 1 Tightrope Media Carousel Digital Signage | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683. | |||||
CVE-2018-14429 | 1 Man-cgi Project | 1 Man-cgi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | |||||
CVE-2018-14371 | 1 Eclipse | 1 Mojarra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | |||||
CVE-2018-14364 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. | |||||
CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||||
CVE-2018-14355 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | |||||
CVE-2018-14064 | 1 Velotismart Project | 2 Velotismart Wifi, Velotismart Wifi Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | |||||
CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. |