Vulnerabilities (CVE)

CWE filter

CWE-22

Filter

3050 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16278 1 Nazgul 1 Nostromo Nhttpd 2019-10-16 7.5
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
CVE-2019-16279 1 Nazgul 1 Nostromo Nhttpd 2019-10-16 5.0
Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.
CVE-2019-17180 1 Valvesoftware 1 Steam Client 2019-10-15 7.2
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of...
CVE-2015-9463 1 S3bubble 1 S3bubble-amazon-s3-audio-streaming 2019-10-15 5.0
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVE-2015-9464 1 S3bubble 1 S3bubble-amazon-s3-html-5-video-with-adverts 2019-10-15 5.0
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
CVE-2015-9473 1 Estrutura-basica Project 1 Estrutura-basica 2019-10-15 5.0
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
CVE-2018-16202 1 Ionicframework 2 Cordova-plugin-ionic-webview, Ionic Web View 2019-10-15 5.0
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2015-9480 1 Robot-cpa 1 Robotcpa 2019-10-15 5.0
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
CVE-2019-17187 1 Fiberhome 1 Hg2201t Firmware 2019-10-11 5.0
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
CVE-2019-17399 2019-10-11 7.5
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
CVE-2019-17109 1 Koji Project 1 Koji 2019-10-11 4.0
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
CVE-2019-17199 1 Webpagetest 1 Webpagetest 2019-10-10 5.0
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVE-2019-12691 1 Cisco 1 Firepower Management Center 2019-10-10 4.0
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to...
CVE-2009-5093 1 Php4scripte 1 Gastebuch 2019-10-10 5.0
Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVE-2019-9922 1 Harmistechnology 1 Je Messenger 2019-10-09 N/A
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.
CVE-2019-7227 2019-10-09 4.1
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of...
CVE-2019-6754 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2019-5624 1 Rapid7 1 Metasploit 2019-10-09 6.5
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to...
CVE-2019-5484 1 Bower 1 Bower 2019-10-09 5.0
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
CVE-2019-5480 1 Statichttpserver Project 1 Statichttpserver 2019-10-09 5.0
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.