Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15138 | 1 Ericssonlg | 1 Ipecs Nms | 2024-08-05 | N/A |
| Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | ||||
| CVE-2018-14912 | 2 Cgit Project, Debian | 2 Cgit, Debian Linux | 2024-08-05 | N/A |
| cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | ||||
| CVE-2018-14918 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2024-08-05 | N/A |
| LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | ||||
| CVE-2018-14957 | 1 Isweb | 1 Isweb | 2024-08-05 | N/A |
| CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | ||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-08-05 | N/A |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | ||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2024-08-05 | N/A |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | ||||
| CVE-2018-14847 | 1 Mikrotik | 1 Routeros | 2024-08-05 | N/A |
| MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | ||||
| CVE-2018-14672 | 1 Yandex | 1 Clickhouse | 2024-08-05 | N/A |
| In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | ||||
| CVE-2018-14707 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-08-05 | N/A |
| Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | ||||
| CVE-2018-14654 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux, Enterprise Linux Server and 5 more | 2024-08-05 | 6.5 Medium |
| The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | ||||
| CVE-2018-14371 | 2 Eclipse, Redhat | 4 Mojarra, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd and 1 more | 2024-08-05 | N/A |
| The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | ||||
| CVE-2018-14429 | 1 Man-cgi Project | 1 Man-cgi | 2024-08-05 | N/A |
| man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | ||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | ||||
| CVE-2018-14355 | 5 Canonical, Debian, Mutt and 2 more | 5 Ubuntu Linux, Debian Linux, Mutt and 2 more | 2024-08-05 | 5.3 Medium |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | ||||
| CVE-2018-14364 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
| GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. | ||||
| CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2024-08-05 | 7.5 High |
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | ||||
| CVE-2018-14064 | 1 Velotismart Project | 2 Velotismart Wifi, Velotismart Wifi Firmware | 2024-08-05 | N/A |
| The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. | ||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-08-05 | N/A |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | ||||
| CVE-2018-13980 | 1 Zeta-producer | 1 Zeta Producer | 2024-08-05 | 5.5 Medium |
| The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. | ||||
| CVE-2018-14007 | 1 Citrix | 1 Xenserver | 2024-08-05 | N/A |
| Citrix XenServer 7.1 and newer allows Directory Traversal. | ||||