Total
6507 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-16679 | 1 Gilacms | 1 Gila Cms | 2024-08-05 | 4.9 Medium |
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | ||||
CVE-2019-16511 | 1 Firegiant | 1 Wix Toolset | 2024-08-05 | 5.5 Medium |
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path. | ||||
CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2024-08-05 | 6.5 Medium |
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | ||||
CVE-2019-16384 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-08-05 | 6.5 Medium |
Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions. | ||||
CVE-2019-16278 | 1 Nazgul | 1 Nostromo Nhttpd | 2024-08-05 | 9.8 Critical |
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. | ||||
CVE-2019-16279 | 1 Nazgul | 1 Nostromo Nhttpd | 2024-08-05 | 7.5 High |
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | ||||
CVE-2019-16246 | 1 Intesync | 1 Solismed | 2024-08-05 | 9.8 Critical |
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution. | ||||
CVE-2019-16198 | 1 Kslabs | 1 Ksweb | 2024-08-05 | 6.5 Medium |
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter. | ||||
CVE-2019-16123 | 1 Kartatopia | 1 Piluscart | 2024-08-05 | 7.5 High |
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure. | ||||
CVE-2019-16132 | 1 Phpok | 1 Oklite | 2024-08-05 | 6.5 Medium |
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring. | ||||
CVE-2019-16113 | 1 Bludit | 1 Bludit | 2024-08-05 | 8.8 High |
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | ||||
CVE-2019-16105 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-08-05 | N/A |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI. | ||||
CVE-2019-16064 | 1 Netsas | 1 Enigma Network Management Solution | 2024-08-05 | 9.6 Critical |
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | ||||
CVE-2019-15931 | 1 Intesync | 1 Solismed | 2024-08-05 | 9.8 Critical |
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246. | ||||
CVE-2019-15952 | 1 Totaljs | 1 Total.js Cms | 2024-08-05 | N/A |
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension. | ||||
CVE-2019-15855 | 1 Maarch | 1 Maarch Rm | 2024-08-05 | 9.1 Critical |
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. | ||||
CVE-2019-15822 | 1 Wpserveur | 1 Wps Child Theme Generator | 2024-08-05 | N/A |
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. | ||||
CVE-2019-15839 | 1 Shaosina | 1 Sina Extension For Elementor | 2024-08-05 | N/A |
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | ||||
CVE-2019-15714 | 1 Entropic Project | 1 Entropic | 2024-08-05 | N/A |
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. | ||||
CVE-2019-15630 | 1 Mulesoft | 2 Api Gateway, Mule Runtime | 2024-08-05 | N/A |
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. |