| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3474 |
1 Microfocus |
1 Filr |
2019-02-21 |
4.0 |
| A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of... |
| CVE-2019-8943 |
1 Wordpress |
1 Wordpress |
2019-02-21 |
4.0 |
| WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a... |
| CVE-2019-8412 |
1 Feifeicms |
1 Feifeicms |
2019-02-20 |
6.5 |
| FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. |
| CVE-2019-8411 |
1 Zzcms |
1 Zzcms |
2019-02-19 |
6.4 |
| admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. |
| CVE-2015-4617 |
1 Easy2map |
1 Easy2map-photos |
2019-02-19 |
5.0 |
| Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory. |
| CVE-2019-8407 |
1 Hongcms Project |
1 Hongcms |
2019-02-19 |
5.5 |
| HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. |
| CVE-2019-8903 |
|
|
2019-02-19 |
5.0 |
| index.js in Total.js Platform before 3.2.3 allows path traversal. |
| CVE-2019-8358 |
|
|
2019-02-19 |
6.8 |
| In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. |
| CVE-2013-2565 |
1 Mambo-foundation |
1 Mambo Cms |
2019-02-19 |
5.0 |
| A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. |
| CVE-2018-20437 |
|
|
2019-02-15 |
5.0 |
| ** DISPUTED ** An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the... |
| CVE-2019-1000008 |
|
|
2019-02-15 |
4.3 |
| All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The commands `helm fetch --untar` and `helm lint some.tgz` that can result... |
| CVE-2018-18593 |
1 Hp |
1 Ucmdb Configuration Manager |
2019-02-15 |
5.0 |
| Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33... |
| CVE-2019-5910 |
1 Housegate |
1 House Gate |
2019-02-14 |
5.0 |
| Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2018-1002204 |
|
|
2019-02-14 |
4.3 |
| adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| CVE-2018-1000997 |
1 Jenkins |
1 Jenkins |
2019-02-14 |
4.0 |
| A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java,... |
| CVE-2018-13812 |
1 Siemens |
12 Simatic Wincc %28tia Portal%29, Simatic Wincc Runtime, Simatic Hmi Comfort Outdoor Panels Firmware and 9 more |
2019-02-14 |
5.0 |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900... |
| CVE-2018-0722 |
1 Qnap |
1 Photo Station |
2019-02-12 |
5.0 |
| Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. |
| CVE-2019-7678 |
|
|
2019-02-12 |
7.5 |
| A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888. |
| CVE-2015-2971 |
1 Seeds |
1 Acmailer |
2019-02-11 |
5.5 |
| Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. |
| CVE-2019-6500 |
1 Axway |
1 File Tranfer Direct |
2019-02-08 |
5.0 |
| In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial... |
