Total
7008 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12976 | 1 Godoc | 1 Go Doc Dot Org | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. | |||||
| CVE-2018-12939 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940. | |||||
| CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment. | |||||
| CVE-2018-12895 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. | |||||
| CVE-2018-12631 | 1 Redatam | 1 Redatam | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | |||||
| CVE-2018-12560 | 1 Cantata Project | 1 Cantata | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring. | |||||
| CVE-2018-12559 | 1 Cantata Project | 1 Cantata | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. | |||||
| CVE-2018-12542 | 2 Eclipse, Microsoft | 2 Vert.x, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems. | |||||
| CVE-2018-12530 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | |||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | |||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | |||||
| CVE-2018-12476 | 1 Suse | 3 Obs-service-tar Scm, Opensuse Factory, Suse Linux Enterprise Server | 2024-11-21 | 6.4 MEDIUM | 4.3 MEDIUM |
| Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | |||||
| CVE-2018-12473 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. | |||||
| CVE-2018-12314 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | |||||
| CVE-2018-12309 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. | |||||
| CVE-2018-12306 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | |||||
| CVE-2018-12298 | 1 Seagate | 1 Nas Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path. | |||||
| CVE-2018-12054 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | |||||
| CVE-2018-12053 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | |||||
| CVE-2018-12042 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. | |||||