| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-17187 |
1 Fiberhome |
1 Hg2201t Firmware |
2019-10-11 |
5.0 |
| /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. |
| CVE-2019-17399 |
|
|
2019-10-11 |
7.5 |
| The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. |
| CVE-2019-17109 |
1 Koji Project |
1 Koji |
2019-10-11 |
4.0 |
| Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. |
| CVE-2019-17199 |
1 Webpagetest |
1 Webpagetest |
2019-10-10 |
5.0 |
| www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring. |
| CVE-2019-12691 |
1 Cisco |
1 Firepower Management Center |
2019-10-10 |
4.0 |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to... |
| CVE-2009-5093 |
1 Php4scripte |
1 Gastebuch |
2019-10-10 |
5.0 |
| Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. |
| CVE-2019-9922 |
1 Harmistechnology |
1 Je Messenger |
2019-10-09 |
N/A |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. |
| CVE-2019-7227 |
|
|
2019-10-09 |
4.1 |
| In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of... |
| CVE-2019-6754 |
1 Foxitsoftware |
2 Foxit Reader, Phantompdf |
2019-10-09 |
6.8 |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a... |
| CVE-2019-5624 |
1 Rapid7 |
1 Metasploit |
2019-10-09 |
6.5 |
| Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to... |
| CVE-2019-5484 |
1 Bower |
1 Bower |
2019-10-09 |
5.0 |
| Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. |
| CVE-2019-5480 |
1 Statichttpserver Project |
1 Statichttpserver |
2019-10-09 |
5.0 |
| A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders. |
| CVE-2019-5447 |
2 Rejetto, Http-file-server Project |
2 Http-file-server, Http-file-server |
2019-10-09 |
5.0 |
| A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. |
| CVE-2019-5444 |
1 Serve-here.js Project |
1 Serve-here.js |
2019-10-09 |
5.0 |
| Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder. |
| CVE-2019-5438 |
1 Harpjs |
1 Harp |
2019-10-09 |
5.0 |
| Path traversal using symlink in npm harp module versions <= 0.29.0. |
| CVE-2019-5423 |
1 Http-live-simulator Project |
1 Http-live-simulator |
2019-10-09 |
N/A |
| Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. |
| CVE-2019-5416 |
1 Localhost-now Project |
1 Localhost-now |
2019-10-09 |
5.0 |
| A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server. |
| CVE-2019-4460 |
1 Ibm |
1 Api Connect |
2019-10-09 |
5.0 |
| IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... |
| CVE-2019-4442 |
1 Ibm |
1 Websphere Application Server |
2019-10-09 |
4.0 |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM... |
| CVE-2019-4430 |
1 Ibm |
1 Maximo Asset Management |
2019-10-09 |
5.0 |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force... |
