Total
7182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000532 | 1 Beep Project | 1 Beep | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. | |||||
| CVE-2018-1000406 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | |||||
| CVE-2018-1000208 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | |||||
| CVE-2018-1000194 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. | |||||
| CVE-2018-1000175 | 1 Jenkins | 1 Html Publisher | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | |||||
| CVE-2018-1000161 | 1 Nmap | 1 Nmap | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | |||||
| CVE-2018-1000083 | 1 Ajenti | 1 Ajenti | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server. | |||||
| CVE-2018-1000079 | 1 Rubygems | 1 Rubygems | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2018-0722 | 1 Qnap | 2 Photo Station, Qts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | |||||
| CVE-2018-0705 | 1 Cybozu | 1 Dezie | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. | |||||
| CVE-2018-0704 | 1 Cybozu | 1 Office | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | |||||
| CVE-2018-0703 | 1 Cybozu | 1 Office | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. | |||||
| CVE-2018-0702 | 1 Cybozu | 1 Mailwise | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2018-0693 | 1 Soliton | 1 Filezen | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | |||||
| CVE-2018-0673 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-0660 | 1 Hibara | 1 Attachecase | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. | |||||
| CVE-2018-0659 | 1 Hibara | 1 Attachecase | 2024-11-21 | 5.8 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | |||||
| CVE-2018-0646 | 1 Ponsoftware | 1 Explzh | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-0617 | 1 Chama | 1 Memocgi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | |||||