Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0660 | 1 Hibara | 1 Attachecase | 2024-08-05 | N/A |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. | ||||
| CVE-2018-0702 | 1 Cybozu | 1 Mailwise | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. | ||||
| CVE-2018-0704 | 1 Cybozu | 1 Office | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | ||||
| CVE-2018-0693 | 1 Soliton | 1 Filezen | 2024-08-05 | N/A |
| Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | ||||
| CVE-2018-0659 | 1 Hibara | 1 Attachecase | 2024-08-05 | N/A |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | ||||
| CVE-2018-0703 | 1 Cybozu | 1 Office | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. | ||||
| CVE-2018-0705 | 1 Cybozu | 1 Dezie | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. | ||||
| CVE-2018-0673 | 1 Cybozu | 1 Garoon | 2024-08-05 | N/A |
| Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0646 | 1 Ponsoftware | 1 Explzh | 2024-08-05 | N/A |
| Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0617 | 1 Chama | 1 Memocgi | 2024-08-05 | N/A |
| Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0586 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0588 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-08-05 | N/A |
| Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0525 | 1 Jubat | 1 Jubatus | 2024-08-05 | N/A |
| Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0542 | 1 Webproxy Project | 1 Webproxy | 2024-08-05 | N/A |
| Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0496 | 2 Debian, Dinknetwork | 3 Debian Linux, Dfarc, Dfarc2 | 2024-08-05 | N/A |
| Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | ||||
| CVE-2018-0300 | 1 Cisco | 6 Firepower 4110, Firepower 4120, Firepower 4140 and 3 more | 2024-08-05 | N/A |
| A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker using path traversal techniques to create or overwrite arbitrary files on an affected device. The vulnerability is due to insufficient validation during the application image upload process. An attacker could exploit this vulnerability by creating an application image containing malicious code and installing the image on the affected device using the CLI or web-based user interface (web UI). These actions occur prior to signature verification and could allow the attacker to create and execute arbitrary code with root privileges. Note: A missing or invalid signature in the application image will cause the upload process to fail, but does not prevent the exploit. Cisco Bug IDs: CSCvc21901. | ||||
| CVE-2018-0258 | 1 Cisco | 2 Prime Data Center Network Manager, Prime Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. | ||||
| CVE-2018-0323 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2024-08-05 | N/A |
| A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631. | ||||
| CVE-2018-0296 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-08-05 | 7.5 High |
| A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. | ||||
| CVE-2019-19372 | 1 Rconfig | 1 Rconfig | 2024-08-05 | 7.5 High |
| A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit. | ||||