Total
7020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | |||||
| CVE-2019-11624 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.5 MEDIUM | 4.9 MEDIUM |
| doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote background administrator privilege user can exploit this vulnerability to delete arbitrary files. | |||||
| CVE-2019-11612 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files. | |||||
| CVE-2019-11611 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2019-11610 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2019-11609 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | |||||
| CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | |||||
| CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2019-11606 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | |||||
| CVE-2019-11601 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | |||||
| CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11590 | 1 10web | 1 Form Maker | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11557 | 1 Web-dorado | 1 Wp Form Builder | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | |||||
| CVE-2019-11515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. | |||||
| CVE-2019-11508 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | |||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | |||||
| CVE-2019-11378 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code. | |||||
| CVE-2019-11327 | 1 Topcon | 2 Net-g5, Net-g5 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system. | |||||
| CVE-2019-11249 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||