Total
7798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12593 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. | ||||
| CVE-2019-12479 | 1 Twentytwenty.storage Project | 1 Twentytwenty.storage | 2024-11-21 | N/A |
| An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs. | ||||
| CVE-2019-12477 | 1 Supra | 2 Stv-lc40lt0020f, Stv-lc40lt0020f Firmware | 2024-11-21 | N/A |
| Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI. | ||||
| CVE-2019-12464 | 1 Librenms | 1 Librenms | 2024-11-21 | 7.5 High |
| An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution. | ||||
| CVE-2019-12459 | 1 Afian | 1 Filerun | 2024-11-21 | 5.3 Medium |
| FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12458 | 1 Afian | 1 Filerun | 2024-11-21 | 5.3 Medium |
| FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12457 | 1 Afian | 1 Filerun | 2024-11-21 | 5.3 Medium |
| FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01. | ||||
| CVE-2019-12314 | 1 Deltek | 1 Maconomy | 2024-11-21 | N/A |
| Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. | ||||
| CVE-2019-12310 | 1 Exagrid | 2 Backup Appliance, Backup Appliance Firmware | 2024-11-21 | N/A |
| ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. | ||||
| CVE-2019-12309 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive. | ||||
| CVE-2019-12277 | 1 Blogifier | 1 Blogifier | 2024-11-21 | N/A |
| Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. | ||||
| CVE-2019-12276 | 1 Grandnode | 1 Grandnode | 2024-11-21 | N/A |
| A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40. | ||||
| CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2024-11-21 | 9.8 Critical |
| Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | ||||
| CVE-2019-12173 | 1 Macdown Project | 1 Macdown | 2024-11-21 | N/A |
| MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138. | ||||
| CVE-2019-12172 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2024-11-21 | N/A |
| Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137. | ||||
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-11-21 | 8.8 High |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | ||||
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | ||||
| CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. | ||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | ||||
| CVE-2019-12143 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | ||||