| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-5887 | 22 | | Dir. Trav. | 2019-01-10 | 2019-01-18 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal. |
| 2 | CVE-2018-1999020 | 22 | | Dir. Trav. | 2018-07-23 | 2018-09-20 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier versions contain a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appears to be exploitable via upload of a specially crafted zip file. |
| 3 | CVE-2018-1002209 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 4 | CVE-2018-1002208 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 5 | CVE-2018-1002207 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 6 | CVE-2018-1002206 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 7 | CVE-2018-1002205 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 8 | CVE-2018-1002204 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 9 | CVE-2018-1002203 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 10 | CVE-2018-1002202 | 22 | | Dir. Trav. | 2018-07-25 | 2018-10-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 11 | CVE-2018-1002201 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 12 | CVE-2018-1002200 | 22 | | Dir. Trav. | 2018-07-25 | 2018-09-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
| 13 | CVE-2018-1000882 | 22 | | Dir. Trav. | 2018-12-20 | 2019-01-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | WeBid versions up to and including the current version 1.2.2 contain a Directory Traversal vulnerability in getthumb.php that can result in arbitrary image file read. This attack appears to be exploitable via an HTTP GET request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. |
| 14 | CVE-2018-1000857 | 22 | | Dir. Trav. | 2018-12-20 | 2019-01-07 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session that can result in user-to-root privilege escalation. This attack appears to be exploitable when a malicious unprivileged user executes the vulnerable binary; (remote) environment-variable manipulation similar to Shellshock may also be possible. |
| 15 | CVE-2018-1000801 | 22 | | Dir. Trav. | 2018-09-06 | 2018-11-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | okular version 18.08 and earlier contains a Directory Traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1. |
| 16 | CVE-2018-1000659 | 22 | | Exec Code Dir. Trav. | 2018-09-06 | 2018-10-26 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable when an authenticated user uploads a specially crafted zip file. This vulnerability appears to have been fixed after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / in version 3.14.4. |
| 17 | CVE-2018-1000623 | 22 | | Exec Code Dir. Trav. | 2018-07-09 | 2018-09-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | JFrog Artifactory versions from 4.0.0 prior to 6.0.3 contain a Directory Traversal vulnerability in the "Import Repository from Zip" feature (Admin menu -> Import & Export -> Repositories), which triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) and can result in directory traversal / file overwrite and remote code execution. An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. |
| 18 | CVE-2018-1000550 | 22 | | Dir. Trav. | 2018-06-26 | 2018-09-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Sympa Community Sympa versions prior to 6.2.32 contain a Directory Traversal vulnerability in the wwsympa.fcgi template editing function that can allow an attacker to create or modify files on the server filesystem. This attack appears to be exploitable via an HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. |
| 19 | CVE-2018-1000532 | 22 | | Dir. Trav. | 2018-06-26 | 2018-08-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option, through which a local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable only where the system allows local users to run beep. |
| 20 | CVE-2018-1000208 | 22 | | Dir. Trav. | 2018-07-13 | 2018-09-07 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in file removal. This attack appears to be exploitable via a web request to the security/login processor. This vulnerability appears to have been fixed in pull request 13980. |
| 21 | CVE-2018-1000194 | 22 | | Dir. Trav. Bypass | 2018-06-05 | 2018-07-27 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
| 22 | CVE-2018-1000175 | 22 | | Dir. Trav. | 2018-05-08 | 2018-06-13 | 4.0 | None | Remote | Low | Single system | None | Partial | None | A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to overwrite arbitrary files on the Jenkins master. |
| 23 | CVE-2018-1000161 | 22 | | Dir. Trav. | 2018-04-18 | 2018-05-24 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147, contains a Directory Traversal vulnerability in the NSE script http-fetch that can result in file overwrite as the user running it. This attack appears to be exploitable when a victim runs the NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. |
| 24 | CVE-2018-1000083 | 22 | | Dir. Trav. | 2018-03-13 | 2018-04-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that leaks a server path: by sending malformed JSON, an attacker receives a traceback error that discloses a filesystem path on the server. |
| 25 | CVE-2018-1000079 | 22 | | Dir. Trav. | 2018-03-13 | 2018-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | RubyGems shipped with Ruby 2.2 series 2.2.9 and earlier, Ruby 2.3 series 2.3.6 and earlier, Ruby 2.4 series 2.4.3 and earlier, Ruby 2.5 series 2.5.0 and earlier, and trunk prior to revision 62422 contains a Directory Traversal vulnerability in gem installation that can allow a gem to write to arbitrary filesystem locations during installation. This attack appears to be exploitable when the victim installs a malicious gem. This vulnerability appears to have been fixed in 2.7.6. |
| 26 | CVE-2018-1000073 | 22 | | Dir. Trav. | 2018-03-13 | 2018-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | RubyGems shipped with Ruby 2.2 series 2.2.9 and earlier, Ruby 2.3 series 2.3.6 and earlier, Ruby 2.4 series 2.4.3 and earlier, Ruby 2.5 series 2.5.0 and earlier, and trunk prior to revision 62422 contains a Directory Traversal vulnerability in the install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. |
| 27 | CVE-2018-20610 | 22 | | Dir. Trav. | 2018-12-30 | 2019-01-07 | 4.0 | None | Remote | Low | Single system | Partial | None | None | imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. |
| 28 | CVE-2018-20604 | 22 | | Dir. Trav. | 2018-12-30 | 2019-01-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. |
| 29 | CVE-2018-20566 | 22 | | Dir. Trav. | 2018-12-28 | 2019-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. |
| 30 | CVE-2018-20463 | 22 | | Dir. Trav. | 2018-12-25 | 2019-01-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. |
| 31 | CVE-2018-20227 | 22 | | Dir. Trav. | 2018-12-19 | 2019-01-07 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. |
| 32 | CVE-2018-20128 | 22 | | Dir. Trav. | 2018-12-13 | 2019-01-04 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. |
| 33 | CVE-2018-20094 | 22 | | Dir. Trav. | 2018-12-12 | 2019-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java. |
| 34 | CVE-2018-20092 | 22 | | Dir. Trav. | 2018-12-17 | 2019-01-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None | PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. |
| 35 | CVE-2018-20064 | 22 | | Dir. Trav. | 2018-12-11 | 2018-12-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None | doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. |
| 36 | CVE-2018-19859 | 22 | | Dir. Trav. | 2018-12-05 | 2018-12-26 | 4.0 | None | Remote | Low | Single system | None | Partial | None | OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive. |
| 37 | CVE-2018-19753 | 22 | | Dir. Trav. | 2018-12-05 | 2018-12-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Tarantella Enterprise before 3.11 allows Directory Traversal. |
| 38 | CVE-2018-19748 | 22 | | Dir. Trav. | 2018-11-29 | 2018-12-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None | app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). |
| 39 | CVE-2018-19666 | 22 | | Dir. Trav. | 2018-11-29 | 2019-01-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
| 40 | CVE-2018-19328 | 22 | | Dir. Trav. | 2018-11-17 | 2018-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. |
| 41 | CVE-2018-19326 | 22 | | Dir. Trav. | 2018-11-17 | 2018-12-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. |
| 42 | CVE-2018-19228 | 22 | | Dir. Trav. | 2018-11-12 | 2018-12-11 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. |
| 43 | CVE-2018-19197 | 22 | | Dir. Trav. | 2018-11-12 | 2019-01-23 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | An issue was discovered in XiaoCms 20141229. admin\controller\database.php allows arbitrary directory deletion via admin/index.php?c=database&a=import&paths[]=../ directory traversal. |
| 44 | CVE-2018-19181 | 22 | | Dir. Trav. | 2018-11-11 | 2018-12-12 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. |
| 45 | CVE-2018-19003 | 22 | | Dir. Trav. | 2018-12-14 | 2019-01-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e versions 03.03.28C to 05.02.04C; EX2100e all versions prior to v04.09.00C; EX2100e_Reg all versions prior to v04.09.00C; and LS2100e all versions prior to v04.09.00C. The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. |
| 46 | CVE-2018-18950 | 22 | | Dir. Trav. | 2018-11-05 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. |
| 47 | CVE-2018-18936 | 22 | | Dir. Trav. | 2018-11-05 | 2018-12-11 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows remote attackers to delete arbitrary files via directory traversal in the po-admin/route.php?mod=library&act=delete id parameter. |
| 48 | CVE-2018-18890 | 22 | | Dir. Trav. | 2018-10-31 | 2018-12-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. |
| 49 | CVE-2018-18869 | 22 | | Exec Code Dir. Trav. | 2018-10-31 | 2018-12-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. |
| 50 | CVE-2018-18831 | 22 | | Dir. Trav. | 2018-10-30 | 2018-12-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter. |
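The Zip Slip family (CVE-2018-1002200 through CVE-2018-1002209) and the archive-extraction rows for ONOS, RDF4J, OpenRefine, ThingWorx, LimeSurvey, Artifactory and Okular share one root cause: the extractor joins the entry name taken from the archive onto the destination directory and writes, without checking where the joined path actually lands. The Python below is an added example and is not code from any of the listed projects. It builds a constructed archive in memory with one benign entry, one `../` entry and one absolute entry, shows the naive join those libraries performed, and shows the check a safe extractor has to make: resolve the joined path, then compare it against the resolved destination component by component rather than with a string prefix. The entry names and the destination are assumptions made for the example.

```python
"""Zip Slip: resolve and check every archive entry name before writing it."""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign entry and two hostile ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        # Classic Zip Slip entry: relative traversal out of the extraction root.
        zf.writestr("../../../tmp/pwned.txt", "payload")
        # Absolute entry: os.path.join() discards the destination entirely.
        zf.writestr("/etc/evil.conf", "payload")
    return buf.getvalue()


def naive_target(dest: str, name: str) -> str:
    """What the vulnerable extractors did: join the entry name and write, no check."""
    return os.path.join(dest, name)


def escapes(dest: str, target: str) -> bool:
    """True if `target`, once resolved, does not lie under `dest`.

    commonpath() compares whole path components, so /srv/app/data2/x is
    correctly treated as outside /srv/app/data; a str.startswith() check on
    the same strings would accept it.
    """
    dest_real = os.path.realpath(dest)
    target_real = os.path.realpath(target)
    return os.path.commonpath([dest_real, target_real]) != dest_real


def safe_target(dest: str, name: str) -> str:
    """Return the resolved write path for `name`, or raise if it escapes `dest`."""
    target = naive_target(dest, name)
    if escapes(dest, target):
        raise ValueError(f"archive entry escapes extraction root: {name!r}")
    return os.path.realpath(target)


def extract_safely(data: bytes, dest: str):
    """Extract `data` under `dest`; return (written entry names, rejected entry names)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def run_demo():
    """Extract the constructed archive into a throwaway directory and report."""
    with tempfile.TemporaryDirectory() as root:
        written, rejected = extract_safely(build_malicious_zip(), root)
        assert os.path.isfile(os.path.join(root, "docs", "readme.txt"))
    return written, rejected


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind. The check above is evaluated per entry against the real path, so an archive that first extracts a symlink pointing outside the root and then writes through it is caught only because `realpath()` is recomputed for each entry after the link exists; an extractor that resolves all names up front and writes afterwards reopens the hole. And `os.path.commonpath()` raises on Windows when the two paths are on different drives, which for this purpose should also be treated as a rejection.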
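The web-application rows show the same `../` primitive arriving through different encodings: plain (Zyxel, LAOBANCMS), percent-encoded `..%2F` (EmpireCMS), with a trailing `%00` meant to truncate the path (doorGets), inside a PHP stream wrapper (JSmol2WP), and base64-encoded (SDCMS). The Python below is an added example, not code from any of the listed applications. It decodes a parameter the way the application would, then refuses NUL bytes, wrappers and absolute paths before resolving the result against a base directory and checking containment. The base directory `/var/www/app/attached`, the `encoding` argument and the sample inputs are constructed for the example, modelled on the URIs quoted in the table rather than taken from real traffic.

```python
"""Validate a user-supplied relative path before touching the filesystem."""
import base64
import binascii
import os
import posixpath
from urllib.parse import unquote


class PathRejected(ValueError):
    """Raised when a parameter cannot be mapped safely under the base directory."""


def decode_param(raw: str, encoding: str = "url") -> str:
    """Undo the transport encoding the application applies to the parameter.

    'url' decodes twice so a double-encoded ..%252F is seen as ../ ;
    'base64' mirrors applications that carry paths base64-encoded (SDCMS-style).
    """
    if encoding == "url":
        return unquote(unquote(raw))
    if encoding == "base64":
        try:
            return base64.b64decode(raw, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            raise PathRejected(f"undecodable base64 parameter: {exc}") from exc
    raise ValueError(f"unknown encoding {encoding!r}")


def resolve_user_path(base: str, raw: str, encoding: str = "url") -> str:
    """Return the absolute path `raw` denotes under `base`, or raise PathRejected."""
    value = decode_param(raw, encoding)
    if "\x00" in value:
        raise PathRejected("NUL byte in path (truncation attempt)")
    if "://" in value:
        raise PathRejected("stream wrapper or URL scheme in path")
    value = value.replace("\\", "/")          # treat backslash as a separator too
    if posixpath.isabs(value):
        raise PathRejected("absolute path")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, value))
    # commonpath() compares whole components: ../attached2/x resolves to a
    # sibling of base and is rejected, whereas str.startswith() would accept it.
    if os.path.commonpath([base_real, target]) != base_real:
        raise PathRejected(f"path escapes {base_real}")
    return target


def check(base: str, raw: str, encoding: str = "url") -> str:
    """Table-driven wrapper: 'ok:<path>' or 'rejected:<reason>'."""
    try:
        return "ok:" + resolve_user_path(base, raw, encoding)
    except PathRejected as exc:
        return "rejected:" + str(exc)


# Constructed inputs modelled on the attack vectors in the table (not captured traffic).
SAMPLES = {
    "benign":         ("url", "reports/2018/q3.txt"),
    "plain_dotdot":   ("url", "../../../../etc/passwd"),                     # Zyxel-style
    "encoded_dotdot": ("url", "..%2F..%2Fshell.php"),                        # EmpireCMS-style
    "double_encoded": ("url", "..%252F..%252Fshell.php"),
    "null_byte":      ("url", "../../1.txt%00"),                             # doorGets-style
    "wrapper":        ("url", "php://filter/resource=../../wp-config.php"),  # JSmol2WP-style
    "base64":         ("base64", base64.b64encode(b"../../../etc/passwd").decode()),  # SDCMS-style
    "sibling_prefix": ("url", "../attached2/x.txt"),                         # beats a startswith() check
}


def evaluate_samples(base: str = "/var/www/app/attached") -> dict:
    """Map each sample name to 'ok' or 'rejected' (assumed base directory)."""
    return {name: check(base, raw, enc).split(":", 1)[0]
            for name, (enc, raw) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:15} {verdict}")
```

Decoding twice is a deliberate trade-off: it catches `%252F`, but a legitimate filename that itself contains a literal `%25` will be mangled, so the decoding depth should match what the framework in front of the handler actually performs. Application-specific separators, such as the `..*` that LFCMS expands to a path, are not covered by a generic validator and need a rule written against that application's own decoding.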
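On the detection side, the URIs quoted in the table (LAOBANCMS `riqi=../`, doorGets `file=../../1.txt%00`, EmpireCMS `..%2F`, SDCMS base64 `root=`, JSmol2WP `php://filter`) are exactly what a web-server access log records. The Python below is an added example, not code from the page or any listed project. It scans constructed Apache-style combined log lines, normalizes percent-encoding, examines base64-looking parameter values, and flags `..` path components, NUL bytes and stream wrappers while leaving a filename such as `app..min.css` alone. The log lines are constructed (documentation IP ranges), and the field names `url-path` and `<param> (base64)` used in the hits are this example's own.

```python
"""Flag directory-traversal attempts in web-server access logs."""
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined-format prefix: client, identd, user, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." standing alone as a path component (../ or ..\), not app..min.css
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
# php://filter, file://, etc. at the start of a value
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def normalize(value: str) -> str:
    """Undo up to two layers of percent-encoding and unify separators."""
    return unquote(unquote(value)).replace("\\", "/")


def suspicious(value: str):
    """Return a reason string if `value` looks like a traversal attempt, else None."""
    v = normalize(value)
    if "\x00" in v:
        return "null byte"
    if WRAPPER_RE.match(v):
        return "stream wrapper"
    if TRAVERSAL_RE.search(v):
        return "dot-dot traversal"
    return None


def base64_view(value: str):
    """Decode `value` as base64 if it is well-formed and yields printable ASCII."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def scan(lines):
    """Return (line_number, location, reason) for each line with a traversal indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        candidates = [("url-path", parts.path)]
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            candidates.append((key, val))
            decoded = base64_view(val)
            if decoded is not None:
                candidates.append((f"{key} (base64)", decoded))
        for where, value in candidates:
            reason = suspicious(value)
            if reason:
                hits.append((n, where, reason))
                break      # one finding per line is enough for triage
    return hits


# Constructed log lines (documentation IP ranges) modelled on URIs quoted in the table.
LOG_LINES = [
    '203.0.113.5 - - [29/Nov/2018:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '203.0.113.5 - - [29/Nov/2018:10:01:03 +0000] "GET /install/mysql_hy.php?riqi=../ HTTP/1.1" 200 88',
    '203.0.113.5 - - [29/Nov/2018:10:01:04 +0000] "POST /dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 HTTP/1.1" 200 11',
    '203.0.113.5 - - [29/Nov/2018:10:01:05 +0000] "GET /e/admin/ecmscom.php?path=..%2F..%2Fshell.php HTTP/1.1" 200 0',
    '203.0.113.5 - - [29/Nov/2018:10:01:06 +0000] "GET /?m=plug&c=admin&a=index&p=attachment&root=Li4vLi4vLi4vZXRj HTTP/1.1" 200 2048',
    '203.0.113.5 - - [29/Nov/2018:10:01:07 +0000] "GET /jsmol.php?query=php://filter/resource=../../wp-config.php HTTP/1.1" 200 3301',
    '198.51.100.7 - - [29/Nov/2018:10:01:08 +0000] "GET /static/css/app..min.css HTTP/1.1" 200 7000',
]

if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(hit)
```

The base64 branch is what makes the SDCMS-style `root=` parameter visible; it is gated on the decoded bytes being printable ASCII so that ordinary short values that happen to be valid base64 (`home`, `edit`) do not produce false positives. A POST body is not in the access log, so the doorGets file-write content and the LimeSurvey/Artifactory zip uploads are only visible here through their URIs; the upload payloads themselves need inspection at the application or WAF layer.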