Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25094 | 1 Kotchasan | 1 Online Accounting System | 2024-05-17 | 2.7 LOW | 7.5 HIGH |
| A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability. | |||||
| CVE-2018-25059 | 1 Pastebinit Project | 1 Pastebinit | 2024-05-17 | 2.7 LOW | 5.3 MEDIUM |
| A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040. | |||||
| CVE-2018-18586 | 1 Kyzer | 1 Libmspack | 2024-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application | |||||
| CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2024-05-17 | 7.8 HIGH | 7.5 HIGH |
| Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment. | |||||
| CVE-2017-9833 | 1 Boa | 1 Boa | 2024-05-17 | 7.8 HIGH | 7.5 HIGH |
| /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. | |||||
| CVE-2017-20181 | 1 Vocable Trainer Project | 1 Vocable Trainer | 2024-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | |||||
| CVE-2017-20152 | 1 Imageserve Project | 1 Imageserve | 2024-05-17 | 2.1 LOW | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. | |||||
| CVE-2016-15038 | 2024-05-17 | 6.4 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | |||||
| CVE-2016-15023 | 1 Sitefusion | 1 Application Server | 2024-05-17 | 2.7 LOW | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | |||||
| CVE-2016-15019 | 1 Jekbox Project | 1 Jekbox | 2024-05-17 | 4.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375. | |||||
| CVE-2016-15017 | 1 Ecodev | 1 Media Upload | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10105 | 1 Ip-finder | 1 Ip Blacklist Cloud | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | |||||
| CVE-2015-10043 | 1 Apollo Project | 1 Apollo | 2024-05-17 | 5.2 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307. | |||||
| CVE-2015-10030 | 1 Surpass Project | 1 Surpass | 2024-05-17 | 5.2 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10024 | 1 Larasync Project | 1 Larasync | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612. | |||||
| CVE-2014-5160 | 1 Hp | 1 Data Protector | 2024-05-17 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design. | |||||
| CVE-2014-125080 | 1 Faplanet Project | 1 Faplanet | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-125069 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-05-17 | 4.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644. | |||||
| CVE-2014-125068 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-05-17 | 5.2 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643. | |||||
| CVE-2014-125033 | 1 Rails-cv-app Project | 1 Rails-cv-app | 2024-05-17 | 2.7 LOW | 7.5 HIGH |
| A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability. | |||||