Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20525 | 1 Roxyfileman | 1 Roxy Fileman | 2024-08-05 | 9.1 Critical |
| Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | ||||
| CVE-2018-20470 | 1 Sahipro | 1 Sahi Pro | 2024-08-05 | 7.5 High |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. | ||||
| CVE-2018-20463 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2024-08-05 | N/A |
| An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. | ||||
| CVE-2018-20303 | 1 Gogs | 1 Gogs | 2024-08-05 | N/A |
| In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. | ||||
| CVE-2018-20332 | 1 Openwebif Project | 1 Openwebif | 2024-08-05 | N/A |
| An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project. | ||||
| CVE-2018-20229 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before 11.4.12, and 11.5.x before 11.5.5 allows Directory Traversal. | ||||
| CVE-2018-20144 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. | ||||
| CVE-2018-20128 | 1 Usualtool | 1 Usualtoolcms | 2024-08-05 | N/A |
| An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. | ||||
| CVE-2018-20064 | 1 Doorgets | 1 Doorgets | 2024-08-05 | N/A |
| doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | ||||
| CVE-2018-20092 | 1 Ptc | 1 Thingworx Platform | 2024-08-05 | N/A |
| PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. | ||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2024-08-05 | N/A |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | ||||
| CVE-2018-19856 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | ||||
| CVE-2018-19859 | 1 Openrefine | 1 Openrefine | 2024-08-05 | N/A |
| OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. | ||||
| CVE-2018-19753 | 1 Oracle | 1 Tarantella Enterprise | 2024-08-05 | N/A |
| Tarantella Enterprise before 3.11 allows Directory Traversal. | ||||
| CVE-2018-19586 | 1 Silverpeas | 1 Silverpeas | 2024-08-05 | N/A |
| Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the underlying system with privileges of the user running the application. Especially, an attacker may leverage the vulnerability to write an executable JSP file in an exposed web directory to execute commands on the underlying system. | ||||
| CVE-2018-19512 | 1 Ens | 1 Webgalamb | 2024-08-05 | N/A |
| In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory. | ||||
| CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2024-08-05 | 9.1 Critical |
| The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | ||||
| CVE-2018-19328 | 1 Laobancms | 1 Laobancms | 2024-08-05 | N/A |
| LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | ||||
| CVE-2018-19329 | 1 Greencms | 1 Greencms | 2024-08-05 | N/A |
| GreenCMS v2.3.0603 allows remote authenticated administrators to delete arbitrary files by modifying a base64-encoded pathname in an m=admin&c=media&a=delfilehandle&id= call, related to the m=admin&c=media&a=restorefile delete button. | ||||
| CVE-2018-19052 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Backports Sle and 2 more | 2024-08-05 | 7.5 High |
| An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | ||||