Vulnerabilities (CVE)

CWE filter

CWE-22

Filter

2624 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-15745 1 Argussurveillance 1 Dvr 2018-12-07 5.0
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
CVE-2018-13982 1 Smarty 1 Smarty 2018-12-07 5.0
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted...
CVE-2018-18552 1 Serverscheck 1 Monitoring Software 2018-12-06 5.0
ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu....
CVE-2012-6324 1 Vmware 1 Vcenter Server Appliance 2018-12-06 4.0
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2016-10733 1 Projectsend 1 Projectsend 2018-12-06 7.5
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
CVE-2013-2085 1 Owncloud 1 Owncloud 2018-12-06 4.0
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2018-8041 1 Apache 1 Camel 2018-12-05 5.0
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVE-2018-17444 1 Citrix 1 Sd-wan 2018-12-04 5.0
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-8889 1 Blackberry 1 Enterprise Mobility Server 2018-12-04 4.7
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.
CVE-2018-18703 1 Phptpoint 1 Mailing Server Using File Handling 2018-12-04 5.0
PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as...
CVE-2012-4834 1 Ibm 1 Websphere Portal 2018-12-04 5.0
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
CVE-2018-18890 1 1234n 1 Minicms 2018-12-03 5.0
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
CVE-2018-14806 1 Advantech 1 Webaccess 2018-12-03 7.5
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
CVE-2016-7116 1 Qemu 1 Qemu 2018-12-01 2.1
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
CVE-2018-10897 2 Redhat, Rpm-software-management Project 5 Virtualization, Yum-utils, Enterprise Linux Desktop and 2 more 2018-11-30 9.3
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the...
CVE-2018-1744 1 Ibm 1 Security Key Lifecycle Manager 2018-11-30 4.0
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
CVE-2018-15540 1 Agentejo 1 Cockpit 2018-11-30 7.5
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.
CVE-2018-17899 1 Lcds 1 Laquis Scada 2018-11-30 6.8
LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution.
CVE-2018-8780 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2018-11-30 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional...
CVE-2018-6914 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2018-11-30 5.0
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or...