Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19124 | 2 Microsoft, Prestashop | 2 Windows, Prestashop | 2024-08-05 | N/A |
| PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows allows remote attackers to write to arbitrary image files. | ||||
| CVE-2018-19043 | 1 Media File Manager Project | 1 Media File Manager | 2024-08-05 | N/A |
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file renaming (specifying a "from" and "to" filename) via a ../ directory traversal in the dir parameter of an mrelocator_rename action to the wp-admin/admin-ajax.php URI. | ||||
| CVE-2018-19042 | 1 Media File Manager Project | 1 Media File Manager | 2024-08-05 | N/A |
| The Media File Manager plugin 1.4.2 for WordPress allows arbitrary file movement via a ../ directory traversal in the dir_from and dir_to parameters of an mrelocator_move action to the wp-admin/admin-ajax.php URI. | ||||
| CVE-2018-19040 | 1 Media File Manager Project | 1 Media File Manager | 2024-08-05 | N/A |
| The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | ||||
| CVE-2018-18863 | 1 Ngahr | 1 Resourcelink | 2024-08-05 | N/A |
| NGA ResourceLink 20.0.2.1 allows local file inclusion. | ||||
| CVE-2018-19003 | 1 Ge | 6 Ex2100e, Ex2100e Firmware, Ls2100e and 3 more | 2024-08-05 | N/A |
| GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. | ||||
| CVE-2018-18894 | 1 Lexmark | 98 6500e, 6500e Firmware, C748 and 95 more | 2024-08-05 | 7.5 High |
| Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | ||||
| CVE-2018-18876 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-08-05 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | ||||
| CVE-2018-18936 | 1 Popojicms | 1 Popojicms | 2024-08-05 | N/A |
| An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. | ||||
| CVE-2018-18831 | 1 Mingsoft | 1 Mcms | 2024-08-05 | N/A |
| An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. | ||||
| CVE-2018-18713 | 1 Phpyun | 1 Phpyun | 2024-08-05 | N/A |
| The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | ||||
| CVE-2018-18703 | 1 Phptpoint | 1 Mailing Server Using File Handling | 2024-08-05 | N/A |
| PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple Arbitrary File Read vulnerabilities in different sections that allow an attacker to read sensitive files on the system via directory traversal, bypassing the login page, as demonstrated by the Mailserver_filesystem/home.php coninb, consent, contrsh, condrft, or conspam parameter. | ||||
| CVE-2018-18777 | 1 Microstrategy | 1 Microstrategy Web | 2024-08-05 | N/A |
| Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. | ||||
| CVE-2018-18552 | 1 Serverscheck | 1 Monitoring Software | 2024-08-05 | N/A |
| ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. | ||||
| CVE-2018-18576 | 1 Incsub | 1 Hustle | 2024-08-05 | 5.3 Medium |
| The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | ||||
| CVE-2018-18434 | 1 Litemall Project | 1 Litemall | 2024-08-05 | N/A |
| An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component. | ||||
| CVE-2018-18312 | 5 Canonical, Debian, Netapp and 2 more | 9 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 6 more | 2024-08-05 | N/A |
| Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | ||||
| CVE-2018-18323 | 1 Control-webpanel | 1 Webpanel | 2024-08-05 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | ||||
| CVE-2018-18257 | 1 Bagesoft | 1 Bagecms | 2024-08-05 | N/A |
| An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. | ||||
| CVE-2018-17934 | 1 Nuuo | 1 Nuuo Cms | 2024-08-05 | N/A |
| NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | ||||