Vulnerabilities (CVE)

CWE filter: CWE-22

2805 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3396 1 Atlassian 1 Confluence 2019-04-18 10.0
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and...
CVE-2017-9833 1 Boa 1 Boa 2019-04-18 7.8
/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.
CVE-2018-16858 1 Libreoffice 1 Libreoffice 2019-04-18 6.8
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by...
CVE-2019-3880 4 Redhat, Samba, Debian and 1 more 5 Gluster Storage, Samba, Debian Linux and 2 more 2019-04-18 5.5
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to...
CVE-2019-9222 1 Gitlab 1 Gitlab 2019-04-17 5.5
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2019-10945 1 Joomla 1 Joomla! 2019-04-17 7.5
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVE-2017-17058 1 Automattic 1 Woocommerce 2019-04-17 5.0
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates...
CVE-2018-16874 2 Golang, Opensuse 2 Go, Leap 2019-04-16 6.8
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is...
CVE-2013-2565 1 Mambo-foundation 1 Mambo Cms 2019-04-15 5.0
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
CVE-2019-4178 1 Ibm 1 Cognos Analytics 2019-04-15 6.4
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
CVE-2018-1323 1 Apache 1 Tomcat Jk Connector 2019-04-15 5.0
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by...
CVE-2018-11759 3 Apache, Redhat, Debian 3 Tomcat Jk Connector, Jboss Core Services, Debian Linux 2019-04-15 5.0
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs...
CVE-2017-7675 1 Apache 1 Tomcat 2019-04-15 5.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
CVE-2015-5345 3 Apache, Debian, Canonical 3 Debian Linux, Ubuntu Linux, Tomcat 2019-04-15 5.0
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the...
CVE-2015-5174 3 Apache, Debian, Canonical 3 Debian Linux, Ubuntu Linux, Tomcat 2019-04-15 4.0
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a...
CVE-2007-1860 1 Apache 1 Tomcat Jk Web Server Connector 2019-04-15 5.0
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount,...
CVE-2007-0450 1 Apache 2 Http Server, Tomcat 2019-04-15 5.0
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot)...
CVE-2019-3943 1 Mikrotik 1 Routeros 2019-04-11 7.5
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack...
CVE-2018-19586 1 Silverpeas 1 Silverpeas 2019-04-11 9.0
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables...
CVE-2019-1785 1 Clamav 1 Clamav 2019-04-11 6.8
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The...