Total
7182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9459 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | |||||
| CVE-2018-9445 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | |||||
| CVE-2018-9331 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-9205 | 1 Drupal | 1 Avatar Uploader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | |||||
| CVE-2018-9159 | 1 Sparkjava | 1 Spark | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. | |||||
| CVE-2018-9118 | 1 99robots | 1 Wp Background Takeover Advertisements | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter. | |||||
| CVE-2018-9117 | 1 Wiremock | 1 Wiremock | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | |||||
| CVE-2018-9110 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | |||||
| CVE-2018-9109 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | |||||
| CVE-2018-9074 | 1 Lenovo | 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | |||||
| CVE-2018-9038 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | |||||
| CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | |||||
| CVE-2018-8969 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8968 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8965 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8909 | 1 Wire | 1 Wire | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. | |||||
| CVE-2018-8889 | 1 Blackberry | 1 Enterprise Mobility Server | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | |||||
| CVE-2018-8780 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. | |||||
| CVE-2018-8741 | 2 Debian, Squirrelmail | 2 Debian Linux, Squirrelmail | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. | |||||
| CVE-2018-8727 | 1 Mirasys | 1 Dvms Workstation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. | |||||