Total
6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-08-05 | N/A |
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | ||||
CVE-2018-17828 | 2 Redhat, Zziplib Project | 2 Enterprise Linux, Zziplib | 2024-08-05 | N/A |
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file. | ||||
CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-08-05 | N/A |
An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | ||||
CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-08-05 | N/A |
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-08-05 | N/A |
An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. | ||||
CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-08-05 | N/A |
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-08-05 | N/A |
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | ||||
CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-08-05 | N/A |
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | ||||
CVE-2018-17444 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-05 | N/A |
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||
CVE-2018-17365 | 1 Seacms | 1 Seacms | 2024-08-05 | 7.5 High |
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | ||||
CVE-2018-17297 | 1 Hutool | 1 Hutool | 2024-08-05 | N/A |
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | ||||
CVE-2018-17180 | 1 Open-emr | 1 Openemr | 2024-08-05 | N/A |
An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. | ||||
CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-08-05 | N/A |
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | ||||
CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-08-05 | N/A |
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | ||||
CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-08-05 | N/A |
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | ||||
CVE-2018-16874 | 4 Debian, Golang, Opensuse and 1 more | 5 Debian Linux, Go, Backports Sle and 2 more | 2024-08-05 | 8.1 High |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | ||||
CVE-2018-16858 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2024-08-05 | N/A |
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | ||||
CVE-2018-16836 | 1 Rubedo Project | 1 Rubedo | 2024-08-05 | 9.8 Critical |
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | ||||
CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2024-08-05 | N/A |
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | ||||
CVE-2018-16819 | 1 Monstra | 1 Monstra | 2024-08-05 | N/A |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. |