Total
7783 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15142 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | ||||
| CVE-2018-15141 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | ||||
| CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | ||||
| CVE-2018-15138 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | ||||
| CVE-2018-14957 | 1 Isweb | 1 Isweb | 2024-11-21 | N/A |
| CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by moduli/downloadFile.php?file=oggetto_documenti/../.././inc/config.php (one can take the control of the application because credentials are present in that config.php file). | ||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | ||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | ||||
| CVE-2018-14918 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2024-11-21 | N/A |
| LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. | ||||
| CVE-2018-14912 | 2 Cgit Project, Debian | 2 Cgit, Debian Linux | 2024-11-21 | N/A |
| cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | ||||
| CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | ||||
| CVE-2018-14795 | 1 Emerson | 1 Deltav | 2024-11-21 | N/A |
| DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | ||||
| CVE-2018-14707 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | N/A |
| Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | ||||
| CVE-2018-14654 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux, Enterprise Linux Server and 5 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | ||||
| CVE-2018-14573 | 1 Trms | 1 Tightrope Media Carousel Digital Signage | 2024-11-21 | N/A |
| A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683. | ||||
| CVE-2018-14429 | 1 Man-cgi Project | 1 Man-cgi | 2024-11-21 | N/A |
| man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. | ||||
| CVE-2018-14371 | 2 Eclipse, Redhat | 4 Mojarra, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Cd and 1 more | 2024-11-21 | N/A |
| The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. | ||||
| CVE-2018-14364 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component. | ||||
| CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2024-11-21 | 7.5 High |
| An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | ||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 11 Ubuntu Linux, Debian Linux, Mutt and 8 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | ||||
| CVE-2018-14355 | 5 Canonical, Debian, Mutt and 2 more | 5 Ubuntu Linux, Debian Linux, Mutt and 2 more | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | ||||