Total
7024 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9610 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. | |||||
CVE-2019-9607 | 1 Medical Store Script Project | 1 Medical Store Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | |||||
CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | |||||
CVE-2019-9281 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-32748076 | |||||
CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
CVE-2019-9195 | 1 Grin | 1 Grin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | |||||
CVE-2019-9157 | 1 Gemalto | 1 Ezio Ds3 Server | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure. | |||||
CVE-2019-9106 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | |||||
CVE-2019-9064 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | |||||
CVE-2019-9060 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). | |||||
CVE-2019-9015 | 1 Mopcms | 1 Mopcms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site. | |||||
CVE-2019-9005 | 1 Cprime | 1 Power Scripts | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal. | |||||
CVE-2019-8952 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). | |||||
CVE-2019-8943 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring. | |||||
CVE-2019-8925 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value. | |||||
CVE-2019-8903 | 1 Totaljs | 1 Total.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
index.js in Total.js Platform before 3.2.3 allows path traversal. | |||||
CVE-2019-8412 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. | |||||
CVE-2019-8411 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | |||||
CVE-2019-8407 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. | |||||
CVE-2019-8395 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. |