Total
7024 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8389 | 1 Musicloud Project | 1 Musicloud | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | |||||
CVE-2019-8385 | 1 Thomsonreuters | 2 Concourse Matter Room, Firm Central Desktop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution. | |||||
CVE-2019-8358 | 1 Hiawatha-webserver | 1 Hiawatha | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | |||||
CVE-2019-8320 | 1 Rubygems | 1 Rubygems | 2024-11-21 | 8.8 HIGH | 7.4 HIGH |
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system. | |||||
CVE-2019-8291 | 1 Online Store System Project | 1 Online Store System | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal. | |||||
CVE-2019-8238 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier version; 2017.011.30138 and earlier version; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
CVE-2019-7859 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control. | |||||
CVE-2019-7751 | 1 Ricoh | 1 Fusionpro Vdp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine's SAM and SYSTEM database files, and possibly remote code execution. | |||||
CVE-2019-7678 | 1 Enphase | 1 Envoy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. | |||||
CVE-2019-7618 | 1 Elastic | 1 Kibana | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user. | |||||
CVE-2019-7403 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. | |||||
CVE-2019-7387 | 1 Systrome | 6 Isg-600c, Isg-600c Firmware, Isg-600h and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter. | |||||
CVE-2019-7315 | 1 Genieaccess | 2 Wip3bvaf, Wip3bvaf Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products). | |||||
CVE-2019-7289 | 1 Apple | 1 Shortcuts | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information. | |||||
CVE-2019-7267 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | |||||
CVE-2019-7254 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Linear eMerge E3-Series devices allow File Inclusion. | |||||
CVE-2019-7253 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Linear eMerge E3-Series devices allow Directory Traversal. | |||||
CVE-2019-7237 | 2 Idreamsoft, Microsoft | 2 Icms, Windows | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. | |||||
CVE-2019-7236 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. |