Vulnerabilities (CVE)

CWE filter

CWE-22

Filter

2872 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0182 1 Intel 2 Open Cloud Integrity Tehnology, Openattestation 2019-06-14 2.1
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2011-5325 1 Busybox 1 Busybox 2019-06-13 5.0
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
CVE-2019-12137 1 Typora 1 Typora 2019-06-13 6.8
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
CVE-2017-7675 1 Apache 1 Tomcat 2019-06-12 5.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
CVE-2019-12144 1 Ipswitch 1 Ws Ftp Server 2019-06-12 7.5
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote...
CVE-2019-12146 1 Ipswitch 1 Ws Ftp Server 2019-06-12 6.4
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and...
CVE-2019-12145 1 Ipswitch 1 Ws Ftp Server 2019-06-12 5.0
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system.
CVE-2019-12143 1 Ipswitch 1 Ws Ftp Server 2019-06-12 5.0
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
CVE-2019-9723 2019-06-11 5.5
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.
CVE-2019-12477 1 Supra 1 Stv-lc40lt0020f Firmware 2019-06-11 2.1
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
CVE-2019-8320 1 Rubygems 1 Rubygems 2019-06-11 8.8
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination...
CVE-2018-13379 1 Fortinet 1 Fortios 2019-06-10 5.0
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP...
CVE-2019-12276 1 Grandnode 1 Grandnode 2019-06-07 5.0
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted...
CVE-2019-8385 2019-06-06 7.5
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote...
CVE-2019-10009 1 Southrivertech 1 Titan Ftp Server 2019-06-06 4.0
A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be...
CVE-2019-5356 1 Hp 1 Intelligent Management Center 2019-06-06 10.0
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-6754 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2019-06-05 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2019-12593 1 Icewarp 1 Mail Server 2019-06-04 5.0
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
CVE-2019-12310 1 Exagrid 1 Backup Appliance Firmware 2019-06-04 5.0
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to...
CVE-2018-16874 2 Golang, Opensuse 2 Go, Leap 2019-06-03 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is...