Total
5764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36629 | 1 Httpster Project | 1 Httpster | 2024-04-11 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | |||||
| CVE-2020-36628 | 1 Android Processing Development Environment Project | 1 Android Processing Development Environment | 2024-04-11 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | |||||
| CVE-2019-25099 | 1 Afkmods | 1 Qsf-portal | 2024-04-11 | 5.2 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | |||||
| CVE-2019-25098 | 1 Extplorer | 1 Extplorer | 2024-04-11 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The identifier of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability. | |||||
| CVE-2019-25097 | 1 Extplorer | 1 Extplorer | 2024-04-11 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by this issue is some unknown functionality of the component Directory Content Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217436. | |||||
| CVE-2019-25087 | 1 Httpserver Project | 1 Httpserver | 2024-04-11 | N/A | 7.5 HIGH |
| A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863. | |||||
| CVE-2019-19372 | 1 Rconfig | 1 Rconfig | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit. | |||||
| CVE-2019-11879 | 1 Ruby-lang | 1 Webrick | 2024-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem. | |||||
| CVE-2018-7482 | 1 Joomlaworks | 1 K2 | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads | |||||
| CVE-2018-25094 | 1 Kotchasan | 1 Online Accounting System | 2024-04-11 | 2.7 LOW | 7.5 HIGH |
| A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability. | |||||
| CVE-2018-25059 | 1 Pastebinit Project | 1 Pastebinit | 2024-04-11 | 2.7 LOW | 5.3 MEDIUM |
| A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040. | |||||
| CVE-2018-20437 | 1 Mrbird | 1 Febs-shiro | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data | |||||
| CVE-2018-18586 | 1 Kyzer | 1 Libmspack | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application | |||||
| CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2024-04-11 | 7.8 HIGH | 7.5 HIGH |
| Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment. | |||||
| CVE-2017-9833 | 1 Boa | 1 Boa | 2024-04-11 | 7.8 HIGH | 7.5 HIGH |
| /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. | |||||
| CVE-2017-20181 | 1 Vocable Trainer Project | 1 Vocable Trainer | 2024-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | |||||
| CVE-2017-20152 | 1 Imageserve Project | 1 Imageserve | 2024-04-11 | 2.1 LOW | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. | |||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | |||||
| CVE-2016-15038 | 2024-04-11 | 6.4 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | |||||
| CVE-2016-15023 | 1 Sitefusion | 1 Application Server | 2024-04-11 | 2.7 LOW | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | |||||