Total
6512 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-7213 | 1 Smartertools | 1 Smartermail | 2024-08-04 | N/A |
| SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories. | ||||
| CVE-2019-7195 | 1 Qnap | 2 Photo Station, Qts | 2024-08-04 | 9.8 Critical |
| This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. | ||||
| CVE-2019-7160 | 1 Idreamsoft | 1 Icms | 2024-08-04 | N/A |
| idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | ||||
| CVE-2019-7194 | 1 Qnap | 2 Photo Station, Qts | 2024-08-04 | 9.8 Critical |
| This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions. | ||||
| CVE-2019-7106 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2024-08-04 | N/A |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7105 | 2 Adobe, Apple | 2 Xd, Mac Os X | 2024-08-04 | N/A |
| Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-6754 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-08-04 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407. | ||||
| CVE-2019-6726 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-08-04 | N/A |
| The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remote attackers to delete arbitrary files because wp_postratings_clear_fastest_cache and rm_folder_recursively in wpFastestCache.php mishandle ../ in an HTTP Referer header. | ||||
| CVE-2019-6783 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 8.8 High |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution. | ||||
| CVE-2019-6714 | 1 Blogengine | 1 Blogengine.net | 2024-08-04 | N/A |
| An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. | ||||
| CVE-2019-6500 | 1 Axway | 1 File Tranfer Direct | 2024-08-04 | N/A |
| In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. | ||||
| CVE-2019-6274 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-08-04 | N/A |
| Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. | ||||
| CVE-2019-6273 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-08-04 | N/A |
| download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. | ||||
| CVE-2019-6240 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal. | ||||
| CVE-2019-6113 | 1 Onkyo | 2 Tx-nr686, Tx-nr686 Firmware | 2024-08-04 | N/A |
| Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. | ||||
| CVE-2019-6022 | 1 Cybozu | 1 Office | 2024-08-04 | 6.5 Medium |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | ||||
| CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2024-08-04 | 5.9 Medium |
| An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | ||||
| CVE-2019-5956 | 1 Wondercms | 1 Wondercms | 2024-08-04 | 6.5 Medium |
| Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | ||||
| CVE-2019-5889 | 1 Overit | 1 Geocall | 2024-08-04 | 7.5 High |
| An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977. | ||||
| CVE-2019-5887 | 1 Shopxo | 1 Shopxo | 2024-08-04 | N/A |
| An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal. | ||||