Total: 7020 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16123 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | |||||
CVE-2019-16113 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | |||||
CVE-2019-16105 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | |||||
CVE-2019-16064 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 5.5 MEDIUM | 9.6 CRITICAL |
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | |||||
CVE-2019-15982 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
CVE-2019-15981 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
CVE-2019-15980 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | |||||
CVE-2019-15952 | 1 Totaljs | 1 Total.js Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension. | |||||
CVE-2019-15931 | 1 Intesync | 1 Solismed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. | |||||
CVE-2019-15855 | 1 Maarch | 1 Maarch Rm | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. | |||||
CVE-2019-15822 | 1 Wpserveur | 1 Wps Child Theme Generator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | |||||
CVE-2019-15714 | 1 Entropic Project | 1 Entropic | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. | |||||
CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | |||||
CVE-2019-15630 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. | |||||
CVE-2019-15600 | 1 Http Server Project | 1 Http Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal exists in http_server which allows an attacker to read arbitrary system files. | |||||
CVE-2019-15596 | 1 Statics-server Project | 1 Statics-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory. | |||||
CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | |||||
CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | |||||
CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | |||||
CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. |