Total
7021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1717 | 1 Cisco | 1 Video Surveillance Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information. | |||||
| CVE-2019-1681 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-supplied input within TFTP requests processed by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques in malicious requests sent to the TFTP service on a targeted device. An exploit could allow the attacker to retrieve arbitrary files from the targeted device, resulting in the disclosure of sensitive information. This vulnerability affects Cisco IOS XR Software releases prior to Release 6.5.2 for Cisco Network Convergence System 1000 Series devices when the TFTP service is enabled. | |||||
| CVE-2019-1621 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | |||||
| CVE-2019-1620 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. | |||||
| CVE-2019-1142 | 1 Microsoft | 7 .net Framework, Windows 10, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-19893 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | |||||
| CVE-2019-19877 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. | |||||
| CVE-2019-19848 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) | |||||
| CVE-2019-19845 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. | |||||
| CVE-2019-19834 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter. | |||||
| CVE-2019-19790 | 1 Telerik | 2 Radchart, Ui For Asp.net Ajax | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). | |||||
| CVE-2019-19731 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded). | |||||
| CVE-2019-19683 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | |||||
| CVE-2019-19628 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | |||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | |||||
| CVE-2019-19459 | 1 Saltosystem | 1 Proaccess Space | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server. | |||||
| CVE-2019-19458 | 1 Saltosystem | 1 Proaccess Space | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | |||||
| CVE-2019-19374 | 1 Squiz | 1 Matrix | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.) | |||||
| CVE-2019-19372 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit. | |||||
| CVE-2019-19297 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server. | |||||