Total
6506 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18212 | 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project | 3 Wild Web Developer, Theia Xml Extension, Xml Server Project | 2024-08-05 | 6.5 Medium |
| XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | ||||
| CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-08-05 | 9.8 Critical |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | ||||
| CVE-2019-17640 | 1 Eclipse | 1 Vert.x | 2024-08-05 | 9.8 Critical |
| In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. | ||||
| CVE-2019-18187 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2024-08-05 | 7.5 High |
| Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication. | ||||
| CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-08-05 | 9.8 Critical |
| ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | ||||
| CVE-2019-17537 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-08-05 | 7.5 High |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | ||||
| CVE-2019-17538 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-08-05 | 7.5 High |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | ||||
| CVE-2019-17572 | 1 Apache | 1 Rocketmq | 2024-08-05 | 5.3 Medium |
| In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. | ||||
| CVE-2019-17404 | 1 Nokia | 1 Impact | 2024-08-05 | 4.3 Medium |
| Nokia IMPACT < 18A: allows full path disclosure | ||||
| CVE-2019-17406 | 1 Nokia | 1 Impact | 2024-08-05 | 5.3 Medium |
| Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | ||||
| CVE-2019-17399 | 1 Joomlashack | 1 Shack Forms Pro | 2024-08-05 | 9.8 Critical |
| The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. | ||||
| CVE-2019-17322 | 1 Clipsoft | 1 Rexpert | 2024-08-05 | 6.5 Medium |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||||
| CVE-2019-17327 | 1 Tmaxsoft | 1 Jeus | 2024-08-05 | 7.2 High |
| JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file. | ||||
| CVE-2019-17324 | 1 Clipsoft | 1 Rexpert | 2024-08-05 | 6.5 Medium |
| ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traversal by issuing a special HTTP POST request with ../ characters. This could lead to create malicious HTML file, because they can inject a content with crafted template. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | ||||
| CVE-2019-17313 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user. | ||||
| CVE-2019-17314 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 7.2 High |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Configurator module by an Admin user. | ||||
| CVE-2019-17311 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | ||||
| CVE-2019-17312 | 1 Sugarcrm | 1 Sugarcrm | 2024-08-05 | 8.8 High |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user. | ||||
| CVE-2019-17109 | 1 Koji Project | 1 Koji | 2024-08-05 | 6.5 Medium |
| Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. | ||||
| CVE-2019-17187 | 1 Fiberhome | 2 Hg2201t, Hg2201t Firmware | 2024-08-05 | 7.5 High |
| /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. | ||||