Vulnerabilities (CVE)

CWE filter: CWE-22

2932 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10924 2019-08-23 5.0
The ebook-download plugin before 1.2 for WordPress has directory traversal.
CVE-2017-18585 1 Ivycat 1 Posts In Page 2019-08-23 5.5
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
CVE-2019-15326 1 Codection 1 Import Users From Csv With Meta 2019-08-23 5.0
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
CVE-2019-4460 1 Ibm 1 Api Connect 2019-08-23 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
CVE-2019-14788 1 Tribulant 1 Newsletter 2019-08-22 6.5
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with...
CVE-2019-12479 1 Twentytwenty.storage Project 1 Twentytwenty.storage 2019-08-21 6.4
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this...
CVE-2019-14530 1 Open-emr 1 Openemr 2019-08-19 4.0
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the...
CVE-2019-14312 1 Aptana 1 Jaxer 2019-08-19 4.0
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
CVE-2018-8741 2 Squirrelmail, Debian 2 Squirrelmail, Debian Linux 2019-08-15 6.5
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
CVE-2019-1952 2019-08-15 4.6
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This...
CVE-2019-10352 1 Jenkins 1 Jenkins 2019-08-15 4.0
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside...
CVE-2019-10185 1 Icetea-web Project 1 Icetea-web 2019-08-15 6.4
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace...
CVE-2019-10182 2 Icedtea-web Project, Redhat 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-08-15 5.8
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to...
CVE-2019-14798 1 10web 1 Photo Gallery 2019-08-14 4.0
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
CVE-2019-12143 2 Ipswitch, Progress 2 Ws Ftp Server, Ipswitch Ws Ftp Server 2019-08-14 5.0
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames.
CVE-2019-14362 1 Openbravo 1 Openbravo Erp 2019-08-14 5.5
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
CVE-2019-14701 1 Microdigital 3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware 2019-08-13 5.0
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes...
CVE-2019-14700 1 Microdigital 3 Mdc-n2190v Firmware, Mdc-n4090 Firmware, Mdc-n4090w Firmware 2019-08-13 5.0
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is...
CVE-2019-14521 1 Emca 1 Energy Logserver 2019-08-13 5.0
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter.
CVE-2019-13635 1 Wpfastestcache 1 Wp Fastest Cache 2019-08-13 6.4
The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFastestCache.php and inc/cache.php Directory Traversal.