Filtered by CWE-22
Total 6506 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25087 1 Httpserver Project 1 Httpserver 2024-08-05 5.3 Medium
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.
CVE-2019-25053 1 Sage 1 Sage Frp 1000 2024-08-05 7.5 High
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.
CVE-2019-25073 1 Goa.design 1 Goa 2024-08-05 7.5 High
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allows remote attackers to read files outside of the intended directory.
CVE-2019-20916 5 Debian, Opensuse, Oracle and 2 more 7 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-08-05 7.5 High
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
CVE-2019-20851 1 Mattermost 1 Mattermost 2024-08-05 9.1 Critical
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
CVE-2019-20354 1 Pisignage 1 Pisignage 2024-08-05 4.3 Medium
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.
CVE-2019-20085 1 Tvt 2 Nvms-1000, Nvms-1000 Firmware 2024-08-05 7.5 High
TVT NVMS-1000 devices allow GET /.. Directory Traversal.
CVE-2019-19893 1 Ixpdata 1 Easyinstall 2024-08-05 7.5 High
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
CVE-2019-19877 1 Br-automation 1 Industrial Automation Aprol 2024-08-05 5.3 Medium
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.
CVE-2019-19848 1 Typo3 1 Typo3 2024-08-05 7.2 High
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
CVE-2019-19845 1 Joomla 1 Joomla! 2024-08-05 5.3 Medium
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
CVE-2019-19790 1 Telerik 2 Radchart, Ui For Asp.net Ajax 2024-08-05 9.8 Critical
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).
CVE-2019-19834 1 Ruckuswireless 17 C110, E510, H320 and 14 more 2024-08-05 7.2 High
Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter.
CVE-2019-19781 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-08-05 9.8 Critical
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVE-2019-19731 1 Roxyfileman 1 Roxy Fileman 2024-08-05 7.5 High
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
CVE-2019-19683 1 Nopcommerce 1 Nopcommerce 2024-08-05 9.1 Critical
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
CVE-2019-19628 1 Gitlab 1 Gitlab 2024-08-05 9.8 Critical
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
CVE-2019-19486 1 Centreon 1 Centreon 2024-08-05 6.5 Medium
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.
CVE-2019-19458 1 Saltosystem 1 Proaccess Space 2024-08-05 8.6 High
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
CVE-2019-19459 1 Saltosystem 1 Proaccess Space 2024-08-05 9.8 Critical
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.