Filtered by CWE-22
Total 6512 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-9489 2 Microsoft, Trendmicro 6 Windows, Apex One, Apex One As A Service and 3 more 2024-08-04 N/A
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
CVE-2019-9281 1 Google 1 Android 2024-08-04 7.5 High
In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-32748076
CVE-2019-9222 1 Gitlab 1 Gitlab 2024-08-04 N/A
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.
CVE-2019-9157 1 Gemalto 1 Ezio Ds3 Server 2024-08-04 N/A
Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure.
CVE-2019-9195 1 Grin 1 Grin 2024-08-04 9.8 Critical
util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive.
CVE-2019-9064 1 Cab Booking Script Project 1 Cab Booking Script 2024-08-04 N/A
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
CVE-2019-9106 1 Saet 3 Tebe Small, Tebe Small Firmware, Webapp 2024-08-04 N/A
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
CVE-2019-9060 1 Cmsmadesimple 1 Cms Made Simple 2024-08-04 7.5 High
An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1).
CVE-2019-8952 1 Bosch 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more 2024-08-04 N/A
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032).
CVE-2019-9005 1 Cprime 1 Power Scripts 2024-08-04 N/A
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.
CVE-2019-9015 1 Mopcms 1 Mopcms 2024-08-04 N/A
A Path Traversal vulnerability was discovered in MOPCMS through 2018-11-30, leading to deletion of unexpected critical files. The exploitation point is in the "column management" function. The path added to the column is not verified. When a column is deleted by an attacker, the corresponding directory is deleted, as demonstrated by ./ to delete the entire web site.
CVE-2019-8925 1 Zohocorp 1 Manageengine Netflow Analyzer 2024-08-04 N/A
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
CVE-2019-8943 1 Wordpress 1 Wordpress 2024-08-04 6.5 Medium
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
CVE-2019-8903 1 Totaljs 1 Total.js 2024-08-04 N/A
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVE-2019-8412 1 Feifeicms 1 Feifeicms 2024-08-04 N/A
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.
CVE-2019-8389 1 Musicloud Project 1 Musicloud 2024-08-04 8.1 High
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file).
CVE-2019-8407 1 Hongcms Project 1 Hongcms 2024-08-04 N/A
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVE-2019-8291 1 Online Store System Project 1 Online Store System 2024-08-04 7.5 High
Online Store System v1.0 delete_file.php doesn't check to see if a user has administrative rights nor does it check for path traversal.
CVE-2019-8385 1 Thomsonreuters 2 Concourse Matter Room, Firm Central Desktop 2024-08-04 N/A
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
CVE-2019-8411 1 Zzcms 1 Zzcms 2024-08-04 N/A
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.