Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-08-05 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | ||||
| CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-08-05 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | ||||
| CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-08-05 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | ||||
| CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-08-05 | N/A |
| The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | ||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-08-05 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | ||||
| CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-08-05 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | ||||
| CVE-2018-5182 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5181 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-3822 | 1 Elastic | 1 X-pack | 2024-08-05 | 9.8 Critical |
| X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | ||||
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-08-05 | 7.5 High |
| Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | ||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-08-05 | 7.8 High |
| Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | ||||
| CVE-2018-2380 | 1 Sap | 1 Customer Relationship Management | 2024-08-05 | N/A |
| SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2018-2367 | 1 Sap | 1 Business Application Software Integrated Solution | 2024-08-05 | N/A |
| ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2018-2366 | 1 Redwood | 1 Sap Business Process Automation | 2024-08-05 | N/A |
| SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. | ||||
| CVE-2018-1102 | 1 Redhat | 2 Openshift, Rhel Software Collections | 2024-08-05 | N/A |
| A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | ||||
| CVE-2018-1162 | 1 Quest | 1 Netvault Backup | 2024-08-05 | N/A |
| This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within the handling of Export requests. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to arbitrarily overwrite files resulting in a denial-of-service condition. Was ZDI-CAN-4222. | ||||
| CVE-2018-1079 | 2 Clusterlabs, Redhat | 2 Pacemaker Command Line Interface, Enterprise Linux | 2024-08-05 | N/A |
| pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process. | ||||
| CVE-2018-1103 | 1 Redhat | 1 Source-to-image | 2024-08-05 | N/A |
| Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | ||||
| CVE-2018-1047 | 1 Redhat | 4 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server and 1 more | 2024-08-05 | N/A |
| A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | ||||
| CVE-2018-1048 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-05 | 7.5 High |
| It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | ||||