Total
7020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14521 | 1 Emca | 1 Energy Logserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. | |||||
| CVE-2019-14452 | 3 Canonical, Flightcrew Project, Sigil-ebook | 3 Ubuntu Linux, Flightcrew, Sigil | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
| CVE-2019-14450 | 1 Repetier-server | 1 Repetier-server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart. | |||||
| CVE-2019-14424 | 1 Eq-3 | 3 Ccu2, Ccu2 Firmware, Cux-daemon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request. | |||||
| CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | |||||
| CVE-2019-14362 | 1 Openbravo | 1 Openbravo Erp | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. | |||||
| CVE-2019-14322 | 2 Microsoft, Palletsprojects | 2 Windows, Werkzeug | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. | |||||
| CVE-2019-14312 | 1 Aptana | 1 Jaxer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. | |||||
| CVE-2019-14251 | 1 Temenos | 1 T24 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or directories that are outside of the restricted directory because WealthT24/GetImage is used with the docDownloadPath and uploadLocation parameters. | |||||
| CVE-2019-14240 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI. | |||||
| CVE-2019-14206 | 1 Nevma | 1 Adaptive Images | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. | |||||
| CVE-2019-14205 | 1 Nevma | 1 Adaptive Images | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. | |||||
| CVE-2019-13944 | 1 Siemens | 6 En100 Ethernet Module, En100 Ethernet Module With Firmware Variant Dnp3 Tcp, En100 Ethernet Module With Firmware Variant Iec104 and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-13635 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. | |||||
| CVE-2019-13623 | 1 Nsa | 1 Ghidra | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis result is archived for sharing with other persons. To achieve arbitrary code execution, one approach is to overwrite some critical Ghidra modules, e.g., the decompile module. | |||||
| CVE-2019-13584 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | |||||
| CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
| CVE-2019-13532 | 1 Codesys | 13 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | |||||
| CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | |||||
| CVE-2019-13396 | 1 Getflightpath | 1 Flightpath | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module. | |||||