Total: 7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9726 | 1 Eq-3 | 2 Ccu3, Ccu3 Firmware | 2024-11-21 | N/A |
| Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. | ||||
| CVE-2019-9723 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | N/A |
| LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | ||||
| CVE-2019-9686 | 1 Pacman Project | 1 Pacman | 2024-11-21 | 8.8 High |
| pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | ||||
| CVE-2019-9662 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring. | ||||
| CVE-2019-9649 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | N/A |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | ||||
| CVE-2019-9648 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | N/A |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | ||||
| CVE-2019-9642 | 1 Pydio | 1 Pydio | 2024-11-21 | N/A |
| An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php. | ||||
| CVE-2019-9622 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | N/A |
| eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. | ||||
| CVE-2019-9618 | 1 Gracemedia Media Player Project | 1 Gracemedia Media Player | 2024-11-21 | N/A |
| The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter. | ||||
| CVE-2019-9611 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java. | ||||
| CVE-2019-9610 | 1 Ofcms Project | 1 Ofcms | 2024-11-21 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. | ||||
| CVE-2019-9607 | 1 Medical Store Script Project | 1 Medical Store Script | 2024-11-21 | N/A |
| PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. | ||||
| CVE-2019-9489 | 2 Microsoft, Trendmicro | 6 Windows, Apex One, Apex One As A Service and 3 more | 2024-11-21 | N/A |
| A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console. | ||||
| CVE-2019-9281 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In GoogleContactsSyncAdapter, there is a possible path traversal due to improper input sanitization. This could lead to a bypass of user interaction requirements with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-32748076 | ||||
| CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | ||||
| CVE-2019-9195 | 1 Grin | 1 Grin | 2024-11-21 | 9.8 Critical |
| util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | ||||
| CVE-2019-9157 | 1 Gemalto | 1 Ezio Ds3 Server | 2024-11-21 | N/A |
| Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure. | ||||
| CVE-2019-9106 | 1 Saet | 3 Tebe Small, Tebe Small Firmware, Webapp | 2024-11-21 | N/A |
| The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. | ||||
| CVE-2019-9064 | 1 Cab Booking Script Project | 1 Cab Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file. | ||||
| CVE-2019-9060 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.5 High |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename parameter; and through the action.showmessage.php file, it is possible to read arbitrary file content (by using that path traversal with m1_prefname set to cg_errormsg and m1_resettodefault=1). | ||||