Total: 7119 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16283 | 1 Wechat Brodcast Project | 1 Wechat Brodcast | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | |||||
CVE-2018-16237 | 1 Damicms | 1 Damicms | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | |||||
CVE-2018-16221 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
The diagnostics web interface in the Yealink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). | |||||
CVE-2018-16202 | 1 Ionicframework | 1 Ionic Web View | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. | |||||
CVE-2018-16171 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors. | |||||
CVE-2018-16170 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2018-16141 | 1 Thinkcmf | 1 Thinkcmfx | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | |||||
CVE-2018-16133 | 1 Cybrotech | 1 Cybrohttpserver | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | |||||
CVE-2018-16059 | 1 Endress | 2 Wirelesshart Fieldgate Swg70, Wirelesshart Fieldgate Swg70 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. | |||||
CVE-2018-15810 | 1 Visiology | 1 Flipbox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | |||||
CVE-2018-15782 | 1 Rsa | 1 Authentication Manager | 2024-11-21 | 7.2 HIGH | 7.7 HIGH |
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system. | |||||
CVE-2018-15750 | 1 Saltstack | 1 Salt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | |||||
CVE-2018-15745 | 1 Argussurveillance | 1 Dvr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. | |||||
CVE-2018-15706 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | |||||
CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | |||||
CVE-2018-15695 | 1 Asustor | 1 Data Master | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. | |||||
CVE-2018-15694 | 1 Asustor | 1 Data Master | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. | |||||
CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-11-21 | 9.0 HIGH | 7.3 HIGH |
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | |||||
CVE-2018-15540 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. | |||||
CVE-2018-15536 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.8 MEDIUM | 5.5 MEDIUM |
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. |