CWE:
 

Topic
Date
Author
Med.
IPConfigure Orchid VMS 2.0.5 Directory Traversal Information Disclosure
20.06.2018
Sanjiv Kawa
Med.
Redatam Web Server Directory Traversal
18.06.2018
Berk Dusunur
High
WordPress Redirection 2.7.3 Remote File Inclusion
13.06.2018
Glyn Wintle
Med.
TAC Xenta 511/911 Directory Traversal
31.05.2018
Marek Cybul
High
Cisco SA520W Security Appliance Path Traversal
19.05.2018
Nassim Asrir
High
ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI
15.05.2018
Imre Rad
Med.
IceWarp Mail Server < 11.1.1 Directory Traversal
04.05.2018
Piotr Karolak
Med.
Sitecore.NET 8.1 Directory Traversal
27.04.2018
Chris Moberly
Med.
Ncomputing vSpace Pro v10 and v11 Directory Traversal PoC
24.04.2018
Javier Bernardo
Med.
Seagate Media Server Path Traversal
20.04.2018
Yorick Koster
Med.
TwonkyMedia Server 7.0.11-8.5 Directory Traversal
29.03.2018
Sven Fassbender
Med.
Acrolinx Server Directory Traversal
27.03.2018
Berk Dusunur
Med.
Bomgar Remote Support Portal (RSP) Path Traversal
24.03.2018
Filip Palian
Med.
Advantech WebAccess < 8.3 Directory Traversal / Remote Code Execution
13.03.2018
Chris Lyne
Med.
Parallels Remote Application Server 15.5 Path Traversal
04.03.2018
Nicolas Markitanis
Med.
uWSGI < 2.0.17 Directory Traversal
03.03.2018
Marios Nicolaides
Med.
Sophos XG Firewall 16.05.4 MR-4 Path Traversal
16.02.2018
SecuriTeam
Med.
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
05.02.2018
Dmitry Chastuhin
Med.
Joomla! Picture Calendar For Joomla 3.1.4 Directory Traversal
31.01.2018
Ihsan Sencan
Med.
PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal
29.01.2018
Carlos Avila
Med.
Yawcam 0.6.0 Directory Traversal
09.01.2018
David Panter
Med.
WordPress WooCommerce 2.0 / 3.0 Directory Traversal
01.12.2017
Fu2x200
Med.
Android Gmail < 7.11.5.176568039 Directory Traversal in Attachment Download
28.11.2017
Google
Med.
Ulterius Server < 1.9.5.0 Directory Traversal
15.11.2017
Rick Osgood
Med.
3CX Phone System 15.5.3554.1 Directory Traversal
18.10.2017
Jens Regel
Med.
WordPress Smush Image 2.7.4.1 Directory Traversal
05.10.2017
Ricardo Sanchez
Med.
Cloudview NMS 2.00b Writable Directory Traversal Execution
17.09.2017
james fitts
Med.
Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal
15.09.2017
james fitts
Med.
Indusoft Web Studio - Directory Traversal Information Disclosure
14.09.2017
james fitts
Med.
Huawei HG255s Directory Traversal
08.09.2017
Ahmet Mersin
High
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
23.08.2017
Gjoko 'LiquidWorm' Krs...
Low
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal
17.07.2017
Matheus Bernardes
Med.
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
11.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
29.06.2017
CORE
Med.
WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal
21.06.2017
Tom Adams
Med.
Home FTP Server 1.14.0 Build 176 Directory Traversal
31.05.2017
Sultan Albalawi
Med.
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
20.04.2017
Steven Seeley
Med.
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
13.04.2017
keksec
Med.
MyBB <1.8.11 Directory Traversal
12.04.2017
Zhiyang Zeng
Med.
Miele Professional PG 8528 Directory Traversal
25.03.2017
Jens Regel
Med.
OpenSSH On Cygwin SFTP Client Directory Traversal
22.03.2017
jannh
Med.
HttpServer 1.0 Directory Traversal
20.03.2017
malwrforensics
High
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
11.03.2017
Nicholas von Pechmann
Med.
Joomla Akeeba Backup 5.2.5 Directory Traversal
08.03.2017
Persian Hack Team
High
Ettercap 0.8.2 Etterfilter Out-Of-Bounds Read
06.03.2017
AromalUllas
Med.
Simplessus Files 3.7.7 Path Traversal
19.02.2017
Dr. Adrian Vollmer
High
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
18.02.2017
Matt Bergin (@thatguyl...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
18.02.2017
Matt Bergin
Med.
Coppermine Gallery 1.5.44 Directory Traversal
16.02.2017
Hacker Fantastic
Med.
Horos 2.1.0 Web Portal Remote Information Disclosure / Directory Traversal
18.12.2016
Gjoko 'LiquidWorm' Krs...
Med.
Shuttle Tech ADSL Wireless 920 WM XSS / Directory Traversal
06.12.2016
Persian Hack Team
High
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
04.12.2016
David Jorm
Low
Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal
29.11.2016
TaurusOmar
High
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
23.11.2016
Zach Lanier
Low
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
22.11.2016
RCE
Med.
SAP NetWeaver AS ABAP 7.4 Directory Traversal
19.11.2016
Daria Prosochkina
Med.
Oracle Netbeans IDE 8.1 Directory Traversal
21.10.2016
hyp3rlinx
Low
SPIP 3.1.2 File Enumeration / Path Traversal
20.10.2016
Nicolas CHATELAIN
Med.
Kajona 4.7 Cross Site Scripting / Directory Traversal
17.09.2016
Tim Coen
Med.
E-Cidade 2.3.52 Directory Traversal
28.08.2016
vesp3r
Med.
WordPress 4.5.3 Core Ajax Handlers Path Traversal
22.08.2016
sumofpwn
Med.
Lepton CMS 2.2.0 / 2.2.1 Directory Traversal
17.08.2016
hyp3rlinx
Low
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation
10.08.2016
agileinfosec
Med.
PHP Power Browse 1.2 Path Traversal
06.08.2016
Manuel Mancera
Med.
Atutor 2.2.1 Path Traversal
04.08.2016
High-Tech Bridge Secur...
Med.
Avaya VOSS 4.1.0.0 SPB Traffic Traversal
28.07.2016
Dragan
Med.
PHP File Vault 0.9 Directory Traversal / File Read
26.07.2016
N_A
Med.
SAP NetWeaver AS JAVA 7.5 Directory Traversal
18.06.2016
Vahagn Vardanyan
Med.
jbFileManager Path Traversal
17.06.2016
HaHwul
Med.
Gemalto Sentinel License Manager 18.0.1 Directory Traversal
17.06.2016
Gjoko 'LiquidWorm' Krs...
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
OXID eShop Path Traversal Vulnerability
05.05.2016
LSE
Med.
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
04.05.2016
Tim Herres
High
Ovidentia Troubletickets 7.6 Remote File Inclusion
13.04.2016
bd0rk
Med.
DotCMS 3.5 Beta Directory Traversal
12.04.2016
Piaox From Pingan Prod...
Med.
Apache OpenMeetings 3.1.0 Path Traversal
31.03.2016
Andreas Lindh
High
ATutor 2.2.1 Directory Traversal / Remote Code Execution
30.03.2016
mr_me
Med.
WordPress eBook Download 1.1 Directory Traversal
22.03.2016
Wadeek
Med.
WordPress Import CSV 1.1 Directory Traversal
22.03.2016
Wadeek
Med.
Apache Tomcat 8.0.26 Limited Directory Traversal
23.02.2016
Apache Tomcat security...
High
SIMOGEO FileManager 2.3.0 Path Traversal
12.02.2016
HaHwul
High
File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal
12.02.2016
Jerold Hoong
High
D-Link DVG-N5402SP Path Traversal / Information Disclosure
05.02.2016
Karn Ganeshen
Med.
Roundcube 1.1.3 Path Traversal
15.01.2016
High-Tech Bridge Secur...
Med.
PFSense 2.2.5 Directory Traversal
19.12.2015
R-73eN
High
Ovidentia absences 2.64 Remote File Inclusion
16.12.2015
bd0rk
High
Ovidentia bulletindoc 2.9 Remote File Inclusion
16.12.2015
bd0rk
Med.
Polycom VVX-Series Path Traversal
15.12.2015
Jake Reynolds
Med.
4images 1.7.11 Path Traversal
14.12.2015
Tim Coen
Med.
bitrix.scan Bitrix 1.0.3 Path Traversal
11.12.2015
High-Tech Bridge Secur...
High
YesWiki 1 / 2 File Upload / Directory Traversal
09.12.2015
indoushka
High
WordPress Squirrel Theme 1.6.4 Remote File Inclusion
09.12.2015
indoushka
Med.
Awesome Media Gallery 1.0 Directory Traversal
08.12.2015
indoushka
High
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion
03.12.2015
High-Tech Bridge Secur...
Low
XCart 5.2.6 Path Traversal
17.11.2015
Curesec
High
D-Link DIR-825 Buffer Overflow / Directory Traversal
17.11.2015
Samuel Huntley
High
AlegroCart 1.2.8 Local / Remote File Inclusion
16.11.2015
Curesec
Med.
ClipperCMS 1.3.0 Path Traversal
16.11.2015
Curesec
Med.
YESWIKI 0.2 Path Traversal
11.11.2015
HaHwul
Med.
Pligg CMS 2.0.2 Directory Traversal
31.10.2015
Tim Coen


CVEMAP Search Results

CVE
Details
Description
2018-06-05
Medium
CVE-2018-8008

Vendor: Pivotal software
Software: Spring integ...
 

 
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

 
2018-05-18
Medium
CVE-2018-11248

Vendor: Liulishuo
Software: Filedownloader
 

 
util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal.

 
2018-05-16
Low
CVE-2018-0323

Vendor: Cisco
Software: Network func...
 

 
A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631.

 
2018-05-15
Low
CVE-2018-1263

Updating...
 

 
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

 
Medium
CVE-2018-10589

Vendor: Advantech
Software: Webaccess
 

 
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.

 
Medium
CVE-2018-7495

Vendor: Advantech
Software: Webaccess
 

 
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.

 
Medium
CVE-2018-7503

Vendor: Advantech
Software: Webaccess
 

 
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.

 
2018-05-14
Low
CVE-2018-0586

Vendor: Ultimatemember
Software: User profile...
 

 
Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.

 
Medium
CVE-2018-0588

Vendor: Ultimatemember
Software: User profile...
 

 
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.

 
2018-05-11
Low
CVE-2018-1261

Updating...
 

 
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top