Total
7590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6810 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | N/A |
| Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. | ||||
| CVE-2018-6677 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-11-21 | 9.1 Critical |
| Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. | ||||
| CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A |
| Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | ||||
| CVE-2018-6500 | 1 Hp | 1 Arcsight Management Center | 2024-11-21 | N/A |
| A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. | ||||
| CVE-2018-6409 | 1 Machform | 1 Machform | 2024-11-21 | N/A |
| An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter. | ||||
| CVE-2018-6397 | 1 Joomlacalendars | 1 Picture Calendar | 2024-11-21 | N/A |
| Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter. | ||||
| CVE-2018-6356 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 6.5 Medium |
| Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. | ||||
| CVE-2018-6184 | 1 Zeit | 1 Next.js | 2024-11-21 | N/A |
| ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | ||||
| CVE-2018-6022 | 1 5none | 1 Nonecms | 2024-11-21 | N/A |
| Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter. | ||||
| CVE-2018-5997 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | N/A |
| An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. | ||||
| CVE-2018-5755 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | ||||
| CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2024-11-21 | N/A |
| Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. | ||||
| CVE-2018-5445 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
| A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | ||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | ||||
| CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | N/A |
| In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | ||||
| CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | ||||
| CVE-2018-5290 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | ||||
| CVE-2018-5289 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | ||||
| CVE-2018-5287 | 1 Gd Rating System Project | 1 Gd Rating System | 2024-11-21 | N/A |
| The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | ||||
| CVE-2018-5283 | 1 Photos In Wifi Project | 1 Photos In Wifi | 2024-11-21 | N/A |
| The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | ||||