Total: 7019 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. | |||||
CVE-2018-5448 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. | |||||
CVE-2018-5445 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | |||||
CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | |||||
CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | |||||
CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | |||||
CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | |||||
CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | |||||
CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||
CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | |||||
CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | |||||
CVE-2018-3822 | 1 Elastic | 1 X-pack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account with an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | |||||
CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | |||||
CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files. | |||||
CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Path traversal in buttle module versions <= 0.2.0 allows reading any file on the server. | |||||
CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. | |||||
CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |