Total: 7019 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20790 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | |||||
CVE-2018-20789 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | |||||
CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | |||||
CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | |||||
CVE-2018-20647 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | |||||
CVE-2018-20646 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | |||||
CVE-2018-20643 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
CVE-2018-20638 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
CVE-2018-20635 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | |||||
CVE-2018-20631 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | |||||
CVE-2018-20630 | 1 Advance Crowdfunding Script Project | 1 Advance Crowdfunding Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
CVE-2018-20629 | 1 Charity Donation Script Project | 1 Charity Donation Script | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
CVE-2018-20628 | 1 Charity Foundation Script Project | 1 Charity Foundation Script | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
CVE-2018-20626 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | |||||
CVE-2018-20610 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. | |||||
CVE-2018-20604 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. | |||||
CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | |||||
CVE-2018-20525 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | |||||
CVE-2018-20470 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. | |||||
CVE-2018-20463 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. |