Vulnerabilities (CVE)

CWE filter

CWE-22

Filter

3043 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17187 1 Fiberhome 1 Hg2201t Firmware 2019-10-11 5.0
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
CVE-2019-17399 2019-10-11 7.5
The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment.
CVE-2019-17109 1 Koji Project 1 Koji 2019-10-11 4.0
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.
CVE-2019-17199 1 Webpagetest 1 Webpagetest 2019-10-10 5.0
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVE-2019-12691 1 Cisco 1 Firepower Management Center 2019-10-10 4.0
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to...
CVE-2009-5093 1 Php4scripte 1 Gastebuch 2019-10-10 5.0
Directory traversal vulnerability in gastbuch.php in G?stebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVE-2019-9922 1 Harmistechnology 1 Je Messenger 2019-10-09 N/A
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files.
CVE-2019-7227 2019-10-09 4.1
In the ABB IDAL FTP server, an authenticated attacker can traverse to arbitrary directories on the hard disk with "CWD ../" and then use the FTP server functionality to download and upload files. An unauthenticated attacker can take advantage of...
CVE-2019-6754 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2019-10-09 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2019-5624 1 Rapid7 1 Metasploit 2019-10-09 6.5
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to...
CVE-2019-5484 1 Bower 1 Bower 2019-10-09 5.0
Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
CVE-2019-5480 1 Statichttpserver Project 1 Statichttpserver 2019-10-09 5.0
A path traversal vulnerability in <= v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders.
CVE-2019-5447 2 Rejetto, Http-file-server Project 2 Http-file-server, Http-file-server 2019-10-09 5.0
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
CVE-2019-5444 1 Serve-here.js Project 1 Serve-here.js 2019-10-09 5.0
Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder.
CVE-2019-5438 1 Harpjs 1 Harp 2019-10-09 5.0
Path traversal using symlink in npm harp module versions <= 0.29.0.
CVE-2019-5423 1 Http-live-simulator Project 1 Http-live-simulator 2019-10-09 N/A
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.
CVE-2019-5416 1 Localhost-now Project 1 Localhost-now 2019-10-09 5.0
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
CVE-2019-4460 1 Ibm 1 Api Connect 2019-10-09 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
CVE-2019-4442 1 Ibm 1 Websphere Application Server 2019-10-09 4.0
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM...
CVE-2019-4430 1 Ibm 1 Maximo Asset Management 2019-10-09 5.0
IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force...