Total
6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-16831 | 1 Smarty | 1 Smarty | 2024-08-05 | N/A |
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | ||||
CVE-2018-16820 | 1 Monstra | 1 Monstra | 2024-08-05 | N/A |
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests. | ||||
CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2024-08-05 | N/A |
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | ||||
CVE-2018-16493 | 1 Static-resource-server Project | 1 Static-resource-server | 2024-08-05 | N/A |
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | ||||
CVE-2018-16478 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-08-05 | N/A |
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. | ||||
CVE-2018-16594 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-08-05 | N/A |
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | ||||
CVE-2018-16446 | 1 Seamcms | 1 Seacms | 2024-08-05 | N/A |
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt. | ||||
CVE-2018-16479 | 1 Http-live-simulator Project | 1 Http-live-simulator | 2024-08-05 | N/A |
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. | ||||
CVE-2018-16473 | 1 Takeapeek Project | 1 Takeapeek | 2024-08-05 | N/A |
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | ||||
CVE-2018-16485 | 1 M-server Project | 1 M-server | 2024-08-05 | N/A |
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. | ||||
CVE-2018-16457 | 1 Open Source Real-estate Script Project | 1 Open Source Real-estate Script | 2024-08-05 | N/A |
PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory. | ||||
CVE-2018-16475 | 1 Knight Project | 1 Knight | 2024-08-05 | N/A |
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. | ||||
CVE-2018-16437 | 1 Gxlcms | 1 Gxlcms | 2024-08-05 | N/A |
Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator. | ||||
CVE-2018-16482 | 1 Mcstatic Project | 1 Mcstatic | 2024-08-05 | 7.5 High |
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path. | ||||
CVE-2018-16367 | 1 Qduoj | 1 Onlinejudge | 2024-08-05 | N/A |
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include. | ||||
CVE-2018-16344 | 1 Zzcms | 1 Zzcms | 2024-08-05 | N/A |
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock. | ||||
CVE-2018-16320 | 1 Idreamsoft | 1 Icms | 2024-08-05 | N/A |
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | ||||
CVE-2018-16237 | 1 Damicms | 1 Damicms | 2024-08-05 | N/A |
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI. | ||||
CVE-2018-16221 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-08-05 | N/A |
The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) does not validate (escape) the path information (path traversal), which allows an authenticated remote attacker to get access to privileged information (e.g., /etc/passwd) via path traversal (relative path information in the file parameter of the corresponding POST request). | ||||
CVE-2018-16299 | 1 Localize My Post Project | 1 Localize My Post | 2024-08-05 | N/A |
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter. |