Total
6507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15648 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2024-08-05 | N/A |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. | ||||
| CVE-2019-15600 | 1 Http Server Project | 1 Http Server | 2024-08-05 | 7.5 High |
| A Path traversal exists in http_server which allows an attacker to read arbitrary system files. | ||||
| CVE-2019-15519 | 1 Power-response Project | 1 Power-response | 2024-08-05 | N/A |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. | ||||
| CVE-2019-15596 | 1 Statics-server Project | 1 Statics-server | 2024-08-05 | 7.5 High |
| A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory. | ||||
| CVE-2019-15517 | 1 Jc21 | 1 Nginx Proxy Manager | 2024-08-05 | N/A |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. | ||||
| CVE-2019-15516 | 1 Cuberite | 1 Cuberite | 2024-08-05 | N/A |
| Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. | ||||
| CVE-2019-15518 | 1 Swoole | 1 Swoole | 2024-08-05 | N/A |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. | ||||
| CVE-2019-15520 | 1 Comelz | 1 Quark | 2024-08-05 | N/A |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. | ||||
| CVE-2019-15326 | 1 Codection | 1 Import Users From Csv With Meta | 2024-08-05 | N/A |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. | ||||
| CVE-2019-15323 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-08-05 | 7.5 High |
| The ad-inserter plugin before 2.4.20 for WordPress has path traversal. | ||||
| CVE-2019-15055 | 1 Mikrotik | 1 Routeros | 2024-08-05 | N/A |
| MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. | ||||
| CVE-2019-15039 | 1 Jetbrains | 1 Teamcity | 2024-08-05 | 9.8 Critical |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. | ||||
| CVE-2019-14914 | 1 Prise | 1 Adas | 2024-08-05 | 9.1 Critical |
| An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. | ||||
| CVE-2019-14798 | 1 10web | 1 Photo Gallery | 2024-08-05 | N/A |
| The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | ||||
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-08-05 | 8.8 High |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | ||||
| CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-08-05 | 8.8 High |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | ||||
| CVE-2019-14767 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-08-05 | 7.5 High |
| In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | ||||
| CVE-2019-14766 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-08-05 | 6.5 Medium |
| Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem. | ||||
| CVE-2019-14751 | 1 Nltk | 1 Nltk | 2024-08-05 | N/A |
| NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. | ||||
| CVE-2019-14701 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-08-05 | N/A |
| An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary file via Path Traversal in the TZ parameter, but cannot retrieve the data that is read. This causes a denial of service if the filename is, for example, /dev/random. | ||||