Total
6512 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10869 | 1 Ninjaforms | 1 Ninja Forms File Uploads | 2024-08-04 | 8.1 High |
| Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters. | ||||
| CVE-2019-10765 | 1 Iobroker | 1 Iobroker.admin | 2024-08-04 | 9.8 Critical |
| iobroker.admin before 3.6.12 allows attacker to include file contents from outside the `/log/file1/` directory. | ||||
| CVE-2019-10767 | 1 Iobroker | 1 Iobroker.js-controller | 2024-08-04 | 7.5 High |
| An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled). | ||||
| CVE-2019-10743 | 1 Archiver Project | 1 Archiver | 2024-08-04 | 5.5 Medium |
| All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. | ||||
| CVE-2019-10720 | 1 Blogengine | 1 Blogengine.net | 2024-08-04 | 8.8 High |
| BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. | ||||
| CVE-2019-10719 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-08-04 | N/A |
| BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. | ||||
| CVE-2019-10717 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-08-04 | N/A |
| BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. | ||||
| CVE-2019-10632 | 1 Zyxel | 2 Nas326, Nas326 Firmware | 2024-08-04 | N/A |
| A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. | ||||
| CVE-2019-10352 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | N/A |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | ||||
| CVE-2019-10242 | 1 Eclipse | 1 Kura | 2024-08-04 | N/A |
| In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. | ||||
| CVE-2019-10265 | 1 Ahsay | 1 Cloud Backup Suite | 2024-08-04 | N/A |
| An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. On the /cbs/system/ShowAdvanced.do "File Explorer" screen, it is possible to change the directory in the JavaScript code. If changed to (for example) "C:" then one can browse the whole server. | ||||
| CVE-2019-10220 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-04 | 8.8 High |
| Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | ||||
| CVE-2019-10257 | 1 Zucchetti | 1 Hr Portal | 2024-08-04 | N/A |
| Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java sources from /WEB-INF/classes/*.class | ||||
| CVE-2019-10218 | 3 Fedoraproject, Redhat, Samba | 4 Fedora, Enterprise Linux, Storage and 1 more | 2024-08-04 | 6.5 Medium |
| A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. | ||||
| CVE-2019-10197 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-08-04 | N/A |
| A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. | ||||
| CVE-2019-10185 | 4 Debian, Icedtea-web Project, Opensuse and 1 more | 4 Debian Linux, Icedtea-web, Leap and 1 more | 2024-08-04 | 8.6 High |
| It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. | ||||
| CVE-2019-10168 | 1 Redhat | 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more | 2024-08-04 | 7.8 High |
| The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | ||||
| CVE-2019-10161 | 2 Canonical, Redhat | 6 Ubuntu Linux, Advanced Virtualization, Enterprise Linux and 3 more | 2024-08-04 | 7.8 High |
| It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. | ||||
| CVE-2019-10137 | 1 Redhat | 3 Network Proxy, Satellite, Spacewalk | 2024-08-04 | N/A |
| A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. | ||||
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 7 Icedtea-web, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-08-04 | N/A |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | ||||