Total
7453 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | ||||
| CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | N/A |
| In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | ||||
| CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | ||||
| CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | ||||
| CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | ||||
| CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | ||||
| CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-11-21 | N/A |
| The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | ||||
| CVE-2018-5182 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5181 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-11-21 | 7.5 High |
| An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | ||||
| CVE-2018-3822 | 1 Elastic | 1 X-pack | 2024-11-21 | 9.8 Critical |
| X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | ||||
| CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 7.5 High |
| Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | ||||
| CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 5.5 Medium |
| A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files. | ||||
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 7.5 High |
| Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | ||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 6 Debian Linux, Cloudforms, Cloudforms Managementengine and 3 more | 2024-11-21 | N/A |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | ||||
| CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 8.8 High |
| Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. | ||||
| CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 9.8 Critical |
| The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | ||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 7.5 High |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 7.5 High |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | ||||