Total
7581 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18257 | 1 Bagesoft | 1 Bagecms | 2024-11-21 | N/A |
| An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI. | ||||
| CVE-2018-17934 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | ||||
| CVE-2018-17899 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. | ||||
| CVE-2018-17838 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring. | ||||
| CVE-2018-17837 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion is possible via a /console/file/manage.php?type=action&action=delete&path=c%3A%2F substring. | ||||
| CVE-2018-17836 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attackers to execute arbitrary PHP code by using a /console/file/manage.php?type=action&action=addfile&path=..%2F substring to upload, in conjunction with a multipart/form-data PHP payload. | ||||
| CVE-2018-17798 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-17797 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | ||||
| CVE-2018-17785 | 1 Blynk | 1 Blynk-server | 2024-11-21 | N/A |
| In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file. | ||||
| CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-11-21 | N/A |
| An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | ||||
| CVE-2018-17553 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | ||||
| CVE-2018-17444 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||
| CVE-2018-17365 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 High |
| SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | ||||
| CVE-2018-17297 | 1 Hutool | 1 Hutool | 2024-11-21 | N/A |
| The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | ||||
| CVE-2018-17180 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Traversal exists via docid=../ to /portal/lib/download_template.php. | ||||
| CVE-2018-17125 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. | ||||
| CVE-2018-16968 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | N/A |
| Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | ||||
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | ||||
| CVE-2018-16874 | 4 Debian, Golang, Opensuse and 1 more | 5 Debian Linux, Go, Backports Sle and 2 more | 2024-11-21 | 8.1 High |
| In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. | ||||
| CVE-2018-16858 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2024-11-21 | N/A |
| It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location. | ||||