| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-3396 |
1 Atlassian |
1 Confluence |
2019-04-18 |
10.0 |
| The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and... |
| CVE-2017-9833 |
1 Boa |
1 Boa |
2019-04-18 |
7.8 |
| /cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. |
| CVE-2018-16858 |
1 Libreoffice |
1 Libreoffice |
2019-04-18 |
6.8 |
| It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by... |
| CVE-2019-3880 |
4 Redhat, Samba, Debian and 1 more |
5 Gluster Storage, Samba, Debian Linux and 2 more |
2019-04-18 |
5.5 |
| A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to... |
| CVE-2019-9222 |
1 Gitlab |
1 Gitlab |
2019-04-17 |
5.5 |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. |
| CVE-2019-10945 |
1 Joomla |
1 Joomla%21 |
2019-04-17 |
7.5 |
| An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. |
| CVE-2017-17058 |
1 Automattic |
1 Woocommerce |
2019-04-17 |
5.0 |
| ** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates... |
| CVE-2018-16874 |
2 Golang, Opensuse |
2 Go, Leap |
2019-04-16 |
6.8 |
| In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is... |
| CVE-2013-2565 |
1 Mambo-foundation |
1 Mambo Cms |
2019-04-15 |
5.0 |
| A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. |
| CVE-2019-4178 |
1 Ibm |
1 Cognos Analytics |
2019-04-15 |
6.4 |
| IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
| CVE-2018-1323 |
1 Apache |
1 Tomcat Jk Connector |
2019-04-15 |
5.0 |
| The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by... |
| CVE-2018-11759 |
3 Apache, Redhat, Debian |
3 Tomcat Jk Connector, Jboss Core Services, Debian Linux |
2019-04-15 |
5.0 |
| The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs... |
| CVE-2017-7675 |
1 Apache |
1 Tomcat |
2019-04-15 |
5.0 |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. |
| CVE-2015-5345 |
3 Apache, Debian, Canonical |
3 Debian Linux, Ubuntu Linux, Tomcat |
2019-04-15 |
5.0 |
| The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the... |
| CVE-2015-5174 |
3 Apache, Debian, Canonical |
3 Debian Linux, Ubuntu Linux, Tomcat |
2019-04-15 |
4.0 |
| Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a... |
| CVE-2007-1860 |
1 Apache |
1 Tomcat Jk Web Server Connector |
2019-04-15 |
5.0 |
| mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount,... |
| CVE-2007-0450 |
1 Apache |
2 Http Server, Tomcat |
2019-04-15 |
5.0 |
| Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot)... |
| CVE-2019-3943 |
1 Mikrotik |
1 Routeros |
2019-04-11 |
7.5 |
| MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack... |
| CVE-2018-19586 |
1 Silverpeas |
1 Silverpeas |
2019-04-11 |
9.0 |
| Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables... |
| CVE-2019-1785 |
1 Clamav |
1 Clamav |
2019-04-11 |
6.8 |
| A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The... |
