Total
7129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0074 | 1 Juniper | 6 Ex9200, Junos, Nfx150 and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2. | |||||
| CVE-2018-9921 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. | |||||
| CVE-2018-9851 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | |||||
| CVE-2018-9850 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. | |||||
| CVE-2018-9459 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | |||||
| CVE-2018-9445 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. | |||||
| CVE-2018-9331 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-9205 | 1 Drupal | 1 Avatar Uploader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. | |||||
| CVE-2018-9159 | 1 Sparkjava | 1 Spark | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark. | |||||
| CVE-2018-9118 | 1 99robots | 1 Wp Background Takeover Advertisements | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter. | |||||
| CVE-2018-9117 | 1 Wiremock | 1 Wiremock | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal. | |||||
| CVE-2018-9110 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109. | |||||
| CVE-2018-9109 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. | |||||
| CVE-2018-9074 | 1 Lenovo | 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user. | |||||
| CVE-2018-9038 | 1 Monstra | 1 Monstra | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. | |||||
| CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | |||||
| CVE-2018-8969 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8968 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8965 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-8909 | 1 Wire | 1 Wire | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. | |||||