Total
6512 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 7 Icedtea-web, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-08-04 | N/A |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | ||||
| CVE-2019-10152 | 3 Libpod Project, Opensuse, Redhat | 3 Libpod, Leap, Rhel Extras Other | 2024-08-04 | 7.2 High |
| A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container. | ||||
| CVE-2019-10167 | 1 Redhat | 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more | 2024-08-04 | 7.8 High |
| The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | ||||
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2024-08-04 | N/A |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | ||||
| CVE-2019-10009 | 1 Southrivertech | 1 Titan Ftp Server | 2024-08-04 | N/A |
| A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. | ||||
| CVE-2019-9960 | 1 Limesurvey | 1 Limesurvey | 2024-08-04 | N/A |
| The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | ||||
| CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-08-04 | 9.1 Critical |
| urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | ||||
| CVE-2019-9922 | 1 Harmistechnology | 1 Je Messenger | 2024-08-04 | 7.5 High |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | ||||
| CVE-2019-9858 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-08-04 | 8.8 High |
| Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.) | ||||
| CVE-2019-9889 | 1 Vanillaforums | 1 Vanilla | 2024-08-04 | N/A |
| In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server. | ||||
| CVE-2019-9723 | 1 Logicaldoc | 1 Logicaldoc | 2024-08-04 | N/A |
| LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | ||||
| CVE-2019-9726 | 1 Eq-3 | 2 Ccu3, Ccu3 Firmware | 2024-08-04 | N/A |
| Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. | ||||
| CVE-2019-9686 | 1 Pacman Project | 1 Pacman | 2024-08-04 | 8.8 High |
| pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | ||||
| CVE-2019-9649 | 1 Coreftp | 1 Core Ftp | 2024-08-04 | N/A |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | ||||
| CVE-2019-9662 | 1 Jtbc | 1 Jtbc Php | 2024-08-04 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring. | ||||
| CVE-2019-9648 | 1 Coreftp | 1 Core Ftp | 2024-08-04 | N/A |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | ||||
| CVE-2019-9642 | 1 Pydio | 1 Pydio | 2024-08-04 | N/A |
| An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php. | ||||
| CVE-2019-9622 | 1 Ebrigade | 1 Ebrigade | 2024-08-04 | N/A |
| eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | ||||
| CVE-2019-9618 | 1 Gracemedia Media Player Project | 1 Gracemedia Media Player | 2024-08-04 | N/A |
| The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. | ||||
| CVE-2019-9607 | 1 Medical Store Script Project | 1 Medical Store Script | 2024-08-04 | N/A |
| PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | ||||