Total: 6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-25046 | 1 Cloudfoundry | 1 Archiver | 2024-08-05 | 9.1 Critical |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
CVE-2018-20437 | 1 Mrbird | 1 Febs-shiro | 2024-08-05 | 7.5 High |
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data | ||||
CVE-2018-18586 | 1 Kyzer | 1 Libmspack | 2024-08-05 | N/A |
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application | ||||
CVE-2018-20794 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | ||||
CVE-2018-20793 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | ||||
CVE-2018-20789 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | ||||
CVE-2018-20792 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to read an arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | ||||
CVE-2018-20795 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | ||||
CVE-2018-20790 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | ||||
CVE-2018-20646 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-08-05 | N/A |
PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | ||||
CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-08-05 | N/A |
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | ||||
CVE-2018-20630 | 1 Advance Crowdfunding Script Project | 1 Advance Crowdfunding Script | 2024-08-05 | N/A |
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||||
CVE-2018-20629 | 1 Charity Donation Script Project | 1 Charity Donation Script | 2024-08-05 | N/A |
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||||
CVE-2018-20647 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-08-05 | N/A |
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | ||||
CVE-2018-20626 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-08-05 | N/A |
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||||
CVE-2018-20631 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-08-05 | N/A |
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. | ||||
CVE-2018-20643 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-08-05 | N/A |
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||||
CVE-2018-20638 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-08-05 | N/A |
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||||
CVE-2018-20628 | 1 Charity Foundation Script Project | 1 Charity Foundation Script | 2024-08-05 | N/A |
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||||
CVE-2018-20635 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-08-05 | N/A |
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |