| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-15745 |
1 Argussurveillance |
1 Dvr |
2018-12-07 |
5.0 |
| Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. |
| CVE-2018-13982 |
1 Smarty |
1 Smarty |
2018-12-07 |
5.0 |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted... |
| CVE-2018-18552 |
1 Serverscheck |
1 Monitoring Software |
2018-12-06 |
5.0 |
| ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu.... |
| CVE-2012-6324 |
1 Vmware |
1 Vcenter Server Appliance |
2018-12-06 |
4.0 |
| Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2016-10733 |
1 Projectsend |
1 Projectsend |
2018-12-06 |
7.5 |
| ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string. |
| CVE-2013-2085 |
1 Owncloud |
1 Owncloud |
2018-12-06 |
4.0 |
| Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. |
| CVE-2018-8041 |
1 Apache |
1 Camel |
2018-12-05 |
5.0 |
| Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. |
| CVE-2018-17444 |
1 Citrix |
1 Sd-wan |
2018-12-04 |
5.0 |
| A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. |
| CVE-2018-8889 |
1 Blackberry |
1 Enterprise Mobility Server |
2018-12-04 |
4.7 |
| A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. |
| CVE-2018-18703 |
1 Phptpoint |
1 Mailing Server Using File Handling |
2018-12-04 |
5.0 |
| PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as... |
| CVE-2012-4834 |
1 Ibm |
1 Websphere Portal |
2018-12-04 |
5.0 |
| Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. |
| CVE-2018-18890 |
1 1234n |
1 Minicms |
2018-12-03 |
5.0 |
| MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. |
| CVE-2018-14806 |
1 Advantech |
1 Webaccess |
2018-12-03 |
7.5 |
| Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. |
| CVE-2016-7116 |
1 Qemu |
1 Qemu |
2018-12-01 |
2.1 |
| Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string. |
| CVE-2018-10897 |
2 Redhat, Rpm-software-management Project |
5 Virtualization, Yum-utils, Enterprise Linux Desktop and 2 more |
2018-11-30 |
9.3 |
| A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the... |
| CVE-2018-1744 |
1 Ibm |
1 Security Key Lifecycle Manager |
2018-11-30 |
4.0 |
| IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... |
| CVE-2018-15540 |
1 Agentejo |
1 Cockpit |
2018-11-30 |
7.5 |
| Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. |
| CVE-2018-17899 |
1 Lcds |
1 Laquis Scada |
2018-11-30 |
6.8 |
| LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. |
| CVE-2018-8780 |
3 Ruby-lang, Canonical, Debian |
3 Ruby, Ubuntu Linux, Debian Linux |
2018-11-30 |
7.5 |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional... |
| CVE-2018-6914 |
3 Ruby-lang, Canonical, Debian |
3 Ruby, Ubuntu Linux, Debian Linux |
2018-11-30 |
5.0 |
| Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or... |
