Total: 7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13195 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. | |||||
CVE-2019-13157 | 1 Naver | 1 Vaccine | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive. | |||||
CVE-2019-13063 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. | |||||
CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
CVE-2019-12925 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible by the IIS user. This could lead to reading other users' credentials including those of SYSADMIN accounts, reading other users' emails, or adding emails or files to other users' accounts. | |||||
CVE-2019-12901 | 1 Pydio | 1 Cells | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to upload files to, and delete files/folders from, an unprivileged directory, leading to privilege escalation. | |||||
CVE-2019-12791 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. | |||||
CVE-2019-12704 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information. | |||||
CVE-2019-12666 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | |||||
CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | |||||
CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | |||||
CVE-2019-12477 | 1 Supra | 2 Stv-lc40lt0020f, Stv-lc40lt0020f Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI. | |||||
CVE-2019-12464 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | |||||
CVE-2019-12459 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12458 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12457 | 1 Afian | 1 Filerun | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | |||||
CVE-2019-12314 | 1 Deltek | 1 Maconomy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | |||||
CVE-2019-12310 | 1 Exagrid | 2 Backup Appliance, Backup Appliance Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. | |||||
CVE-2019-12309 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. | |||||
CVE-2019-12277 | 1 Blogifier | 1 Blogifier | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. |