Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16283 | 1 Wechat Brodcast Project | 1 Wechat Brodcast | 2024-08-05 | N/A |
| The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter. | ||||
| CVE-2018-16170 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-16202 | 1 Ionicframework | 1 Ionic Web View | 2024-08-05 | 8.6 High |
| Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors. | ||||
| CVE-2018-16171 | 2 Cybozu, Microsoft | 2 Remote Service Manager, Windows | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors. | ||||
| CVE-2018-16133 | 1 Cybrotech | 1 Cybrohttpserver | 2024-08-05 | N/A |
| Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. | ||||
| CVE-2018-16141 | 1 Thinkcmf | 1 Thinkcmfx | 2024-08-05 | N/A |
| ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_avatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server. | ||||
| CVE-2018-16059 | 1 Endress | 2 Wirelesshart Fieldgate Swg70, Wirelesshart Fieldgate Swg70 Firmware | 2024-08-05 | N/A |
| Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. | ||||
| CVE-2018-15810 | 1 Visiology | 1 Flipbox | 2024-08-05 | N/A |
| Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | ||||
| CVE-2018-15750 | 1 Saltstack | 1 Salt | 2024-08-05 | N/A |
| Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server. | ||||
| CVE-2018-15745 | 1 Argussurveillance | 1 Dvr | 2024-08-05 | N/A |
| Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. | ||||
| CVE-2018-15664 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-08-05 | N/A |
| In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot). | ||||
| CVE-2018-15610 | 1 Avaya | 1 Ip Office | 2024-08-05 | N/A |
| A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2. | ||||
| CVE-2018-15490 | 2 Expressvpn, Microsoft | 2 Expressvpn, Windows | 2024-08-05 | N/A |
| An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication with the client side of the ExpressVPN application. A JSON-RPC protocol over HTTP is used for communication. The JSON-RPC XVPN.GetPreference and XVPN.SetPreference methods are vulnerable to path traversal, and allow reading and writing files on the file system on behalf of the service. | ||||
| CVE-2018-15536 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
| /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal. | ||||
| CVE-2018-15540 | 1 Agentejo | 1 Cockpit | 2024-08-05 | N/A |
| Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal. | ||||
| CVE-2018-15495 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
| /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. | ||||
| CVE-2018-15535 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
| /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal. | ||||
| CVE-2018-15141 | 1 Open-emr | 1 Openemr | 2024-08-05 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | ||||
| CVE-2018-15142 | 1 Open-emr | 1 Openemr | 2024-08-05 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | ||||
| CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2024-08-05 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | ||||