Total: 8402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11822 | 1 Synology | 1 Photo Station | 2024-11-21 | 4.3 Medium |
| Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | ||||
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 7.5 High |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files. | ||||
| CVE-2019-11624 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote user with background administrator privileges can exploit this vulnerability to delete arbitrary files. | ||||
| CVE-2019-11612 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files. | ||||
| CVE-2019-11611 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11610 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11609 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11606 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | N/A |
| An HTTP traversal attack in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the HTTP root. | ||||
| CVE-2019-11601 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | ||||
| CVE-2019-11591 | 1 Web-dorado | 1 Contact Form | 2024-11-21 | 8.8 High |
| The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | ||||
| CVE-2019-11590 | 1 10web | 1 Form Maker | 2024-11-21 | N/A |
| The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | ||||
| CVE-2019-11557 | 1 Web-dorado | 1 Wp Form Builder | 2024-11-21 | 8.8 High |
| The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | ||||
| CVE-2019-11515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | N/A |
| core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. | ||||
| CVE-2019-11508 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 7.2 High |
| In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance. | ||||
| CVE-2019-11397 | 2 Microsoft, Rapidflows | 2 .net Framework, Rapid4 | 2024-11-21 | N/A |
| GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 (when used with .NET Framework 4.5) allows Local File Inclusion via the FileDesc parameter. | ||||
| CVE-2019-11378 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code. | ||||
| CVE-2019-11327 | 1 Topcon | 2 Net-g5, Net-g5 Firmware | 2024-11-21 | 4.9 Medium |
| An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system. | ||||