Total
6512 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12309 | 1 Dotcms | 1 Dotcms | 2024-08-04 | N/A |
| dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. | ||||
| CVE-2019-12276 | 1 Grandnode | 1 Grandnode | 2024-08-04 | N/A |
| A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40. | ||||
| CVE-2019-11879 | 1 Ruby-lang | 1 Webrick | 2024-08-04 | N/A |
| The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem. | ||||
| CVE-2019-12173 | 1 Macdown Project | 1 Macdown | 2024-08-04 | N/A |
| MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138. | ||||
| CVE-2019-12172 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2024-08-04 | N/A |
| Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | ||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-08-04 | 8.8 High |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | ||||
| CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-08-04 | 9.8 Critical |
| Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | ||||
| CVE-2019-12143 | 1 Progress | 1 Ws Ftp Server | 2024-08-04 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | ||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2024-08-04 | N/A |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | ||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2024-08-04 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | ||||
| CVE-2019-12138 | 1 Macdown Project | 1 Macdown | 2024-08-04 | N/A |
| MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | ||||
| CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2024-08-04 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. | ||||
| CVE-2019-12137 | 2 Apple, Typora | 2 Mac Os X, Typora | 2024-08-04 | N/A |
| Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | ||||
| CVE-2019-11994 | 1 Hp | 16 Simplivity 2600 Gen10, Simplivity 2600 Gen10 Firmware, Simplivity 380 Gen10 and 13 more | 2024-08-04 | 9.8 Critical |
| A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | ||||
| CVE-2019-11831 | 5 Debian, Drupal, Fedoraproject and 2 more | 5 Debian Linux, Drupal, Fedora and 2 more | 2024-08-04 | 9.8 Critical |
| The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | ||||
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2024-08-04 | 7.5 High |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | ||||
| CVE-2019-11608 | 1 Doorgets | 1 Doorgets Cms | 2024-08-04 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11607 | 1 Doorgets | 1 Doorgets Cms | 2024-08-04 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||
| CVE-2019-11609 | 1 Doorgets | 1 Doorgets Cms | 2024-08-04 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable. | ||||
| CVE-2019-11610 | 1 Doorgets | 1 Doorgets Cms | 2024-08-04 | N/A |
| doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | ||||