Vulnerabilities (CVE)

CWE filter: CWE-22

2745 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3474 1 Microfocus 1 Filr 2019-02-21 4.0
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of...
CVE-2019-8943 1 Wordpress 1 Wordpress 2019-02-21 4.0
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a...
CVE-2019-8412 1 Feifeicms 1 Feifeicms 2019-02-20 6.5
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.
CVE-2019-8411 1 Zzcms 1 Zzcms 2019-02-19 6.4
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
CVE-2015-4617 1 Easy2map 1 Easy2map-photos 2019-02-19 5.0
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
CVE-2019-8407 1 Hongcms Project 1 Hongcms 2019-02-19 5.5
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVE-2019-8903 2019-02-19 5.0
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVE-2019-8358 2019-02-19 6.8
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
CVE-2013-2565 1 Mambo-foundation 1 Mambo Cms 2019-02-19 5.0
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php disclose the root path of the webserver.
CVE-2018-20437 2019-02-15 5.0
** DISPUTED ** An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the...
CVE-2019-1000008 2019-02-15 4.3
All versions of Helm between Helm >=2.0.0 and < 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands `helm fetch --untar` and `helm lint some.tgz` that can result...
CVE-2018-18593 1 Hp 1 Ucmdb Configuration Manager 2019-02-15 5.0
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33...
CVE-2019-5910 1 Housegate 1 House Gate 2019-02-14 5.0
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2018-1002204 2019-02-14 4.3
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-1000997 1 Jenkins 1 Jenkins 2019-02-14 4.0
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java,...
CVE-2018-13812 1 Siemens 12 Simatic Wincc (tia Portal), Simatic Wincc Runtime, Simatic Hmi Comfort Outdoor Panels Firmware and 9 more 2019-02-14 5.0
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900...
CVE-2018-0722 1 Qnap 1 Photo Station 2019-02-12 5.0
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
CVE-2019-7678 2019-02-12 7.5
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
CVE-2015-2971 1 Seeds 1 Acmailer 2019-02-11 5.5
Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.
CVE-2019-6500 1 Axway 1 File Tranfer Direct 2019-02-08 5.0
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial...