| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2016-10924 |
|
|
2019-08-23 |
5.0 |
| The ebook-download plugin before 1.2 for WordPress has directory traversal. |
| CVE-2017-18585 |
1 Ivycat |
1 Posts In Page |
2019-08-23 |
5.5 |
| The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. |
| CVE-2019-15326 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
5.0 |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. |
| CVE-2019-4460 |
1 Ibm |
1 Api Connect |
2019-08-23 |
5.0 |
| IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... |
| CVE-2019-14788 |
1 Tribulant |
1 Newsletter |
2019-08-22 |
6.5 |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with... |
| CVE-2019-12479 |
1 Twentytwenty.storage Project |
1 Twentytwenty.storage |
2019-08-21 |
6.4 |
| An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this... |
| CVE-2019-14530 |
1 Open-emr |
1 Openemr |
2019-08-19 |
4.0 |
| An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the... |
| CVE-2019-14312 |
1 Aptana |
1 Jaxer |
2019-08-19 |
4.0 |
| Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. |
| CVE-2018-8741 |
2 Squirrelmail, Debian |
2 Squirrelmail, Debian Linux |
2019-08-15 |
6.5 |
| A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. |
| CVE-2019-1952 |
|
|
2019-08-15 |
4.6 |
| A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This... |
| CVE-2019-10352 |
1 Jenkins |
1 Jenkins |
2019-08-15 |
4.0 |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside... |
| CVE-2019-10185 |
1 Icetea-web Project |
1 Icetea-web |
2019-08-15 |
6.4 |
| It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace... |
| CVE-2019-10182 |
2 Icedtea-web Project, Redhat |
6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more |
2019-08-15 |
5.8 |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to... |
| CVE-2019-14798 |
1 10web |
1 Photo Gallery |
2019-08-14 |
4.0 |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. |
| CVE-2019-12143 |
2 Ipswitch, Progress |
2 Ws Ftp Server, Ipswitch Ws Ftp Server |
2019-08-14 |
5.0 |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. |
| CVE-2019-14362 |
1 Openbravo |
1 Openbravo Erp |
2019-08-14 |
5.5 |
| Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. |
| CVE-2019-14701 |
1 Microdigital |
3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware |
2019-08-13 |
5.0 |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes... |
| CVE-2019-14700 |
1 Microdigital |
3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware |
2019-08-13 |
5.0 |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is... |
| CVE-2019-14521 |
1 Emca |
1 Energy Logserver |
2019-08-13 |
5.0 |
| The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. |
| CVE-2019-13635 |
1 Wpfastestcache |
1 Wp Fastest Cache |
2019-08-13 |
6.4 |
| The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal. |
