| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-16278 |
1 Nazgul |
1 Nostromo Nhttpd |
2019-10-16 |
7.5 |
| Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. |
| CVE-2019-16279 |
1 Nazgul |
1 Nostromo Nhttpd |
2019-10-16 |
5.0 |
| Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. |
| CVE-2019-17180 |
1 Valvesoftware |
1 Steam Client |
2019-10-15 |
7.2 |
| Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of... |
| CVE-2015-9463 |
1 S3bubble |
1 S3bubble-amazon-s3-audio-streaming |
2019-10-15 |
5.0 |
| The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| CVE-2015-9464 |
1 S3bubble |
1 S3bubble-amazon-s3-html-5-video-with-adverts |
2019-10-15 |
5.0 |
| The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| CVE-2015-9473 |
1 Estrutura-basica Project |
1 Estrutura-basica |
2019-10-15 |
5.0 |
| The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. |
| CVE-2018-16202 |
1 Ionicframework |
2 Cordova-plugin-ionic-webview, Ionic Web View |
2019-10-15 |
5.0 |
| Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. |
| CVE-2015-9480 |
1 Robot-cpa |
1 Robotcpa |
2019-10-15 |
5.0 |
| The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. |
| CVE-2019-17187 |
1 Fiberhome |
1 Hg2201t Firmware |
2019-10-11 |
5.0 |
| /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. |
| CVE-2019-17399 |
|
|
2019-10-11 |
7.5 |
| The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. |
| CVE-2019-17109 |
1 Koji Project |
1 Koji |
2019-10-11 |
4.0 |
| Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. |
| CVE-2019-17199 |
1 Webpagetest |
1 Webpagetest |
2019-10-10 |
5.0 |
| www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. |
| CVE-2019-12691 |
1 Cisco |
1 Firepower Management Center |
2019-10-10 |
4.0 |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to... |
| CVE-2009-5093 |
1 Php4scripte |
1 Gastebuch |
2019-10-10 |
5.0 |
| Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. |
| CVE-2019-9922 |
1 Harmistechnology |
1 Je Messenger |
2019-10-09 |
N/A |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. |
| CVE-2019-7227 |
|
|
2019-10-09 |
4.1 |
| In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of... |
| CVE-2019-6754 |
1 Foxitsoftware |
2 Foxit Reader, Phantompdf |
2019-10-09 |
6.8 |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a... |
| CVE-2019-5624 |
1 Rapid7 |
1 Metasploit |
2019-10-09 |
6.5 |
| Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to... |
| CVE-2019-5484 |
1 Bower |
1 Bower |
2019-10-09 |
5.0 |
| Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. |
| CVE-2019-5480 |
1 Statichttpserver Project |
1 Statichttpserver |
2019-10-09 |
5.0 |
| A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. |
