| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-6500 |
|
|
Dir. Trav. |
2019-01-21 |
2019-01-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring. |
|
2 |
CVE-2019-5887 |
22 |
|
Dir. Trav. |
2019-01-10 |
2019-01-18 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal. |
|
3 |
CVE-2019-3580 |
|
|
Dir. Trav. |
2019-01-02 |
2019-01-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. |
|
4 |
CVE-2018-1999020 |
22 |
|
Dir. Trav. |
2018-07-23 |
2018-09-20 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded. |
|
5 |
CVE-2018-1002209 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
6 |
CVE-2018-1002208 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
7 |
CVE-2018-1002207 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
8 |
CVE-2018-1002206 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SharpCompress before 0.21.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
9 |
CVE-2018-1002205 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
10 |
CVE-2018-1002204 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
11 |
CVE-2018-1002203 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
12 |
CVE-2018-1002202 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
13 |
CVE-2018-1002201 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
14 |
CVE-2018-1002200 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
15 |
CVE-2018-1000882 |
22 |
|
Dir. Trav. |
2018-12-20 |
2019-01-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. |
|
16 |
CVE-2018-1000857 |
22 |
|
Dir. Trav. |
2018-12-20 |
2019-01-07 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. This attack appear to be exploitable via Malicious unprivileged user executes the vulnerable binary/(remote) environment variable manipulation similar shell-shock also possible. |
|
17 |
CVE-2018-1000850 |
|
|
Dir. Trav. |
2018-12-20 |
2018-12-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later. |
|
18 |
CVE-2018-1000817 |
|
|
Dir. Trav. |
2018-12-20 |
2018-12-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially crafted GET request containing directory traversal from assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8). |
|
19 |
CVE-2018-1000801 |
22 |
|
Dir. Trav. |
2018-09-06 |
2018-11-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 |
|
20 |
CVE-2018-1000659 |
22 |
|
Exec Code Dir. Trav. |
2018-09-06 |
2018-10-26 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. |
|
21 |
CVE-2018-1000623 |
22 |
|
Exec Code Dir. Trav. |
2018-07-09 |
2018-09-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. |
|
22 |
CVE-2018-1000550 |
22 |
|
Dir. Trav. |
2018-06-26 |
2018-09-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. |
|
23 |
CVE-2018-1000544 |
434 |
|
Dir. Trav. |
2018-06-26 |
2018-11-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. |
|
24 |
CVE-2018-1000532 |
22 |
|
Dir. Trav. |
2018-06-26 |
2018-08-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. |
|
25 |
CVE-2018-1000406 |
|
|
Dir. Trav. |
2019-01-09 |
2019-01-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. |
|
26 |
CVE-2018-1000208 |
22 |
|
Dir. Trav. |
2018-07-13 |
2018-09-07 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. |
|
27 |
CVE-2018-1000194 |
22 |
|
Dir. Trav. Bypass |
2018-06-05 |
2018-07-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
|
28 |
CVE-2018-1000175 |
22 |
|
Dir. Trav. |
2018-05-08 |
2018-06-13 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. |
|
29 |
CVE-2018-1000161 |
22 |
|
Dir. Trav. |
2018-04-18 |
2018-05-24 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. |
|
30 |
CVE-2018-1000083 |
22 |
|
Dir. Trav. |
2018-03-13 |
2018-04-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server. |
|
31 |
CVE-2018-1000079 |
22 |
|
Dir. Trav. |
2018-03-13 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. |
|
32 |
CVE-2018-1000073 |
22 |
|
Dir. Trav. |
2018-03-13 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. |
|
33 |
CVE-2018-20610 |
22 |
|
Dir. Trav. |
2018-12-30 |
2019-01-07 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter. |
|
34 |
CVE-2018-20604 |
22 |
|
Dir. Trav. |
2018-12-30 |
2019-01-10 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file. |
|
35 |
CVE-2018-20566 |
22 |
|
Dir. Trav. |
2018-12-28 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. |
|
36 |
CVE-2018-20463 |
22 |
|
Dir. Trav. |
2018-12-25 |
2019-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF. |
|
37 |
CVE-2018-20420 |
|
|
Dir. Trav. |
2018-12-23 |
2018-12-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access Control, leading to the overwrite of an existing .sql file on the target web site by creating a template and then using ../ directory traversal in the TemplateName parameter. |
|
38 |
CVE-2018-20303 |
|
|
Dir. Trav. |
2018-12-19 |
2018-12-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925. |
|
39 |
CVE-2018-20227 |
22 |
|
Dir. Trav. |
2018-12-19 |
2019-01-07 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. |
|
40 |
CVE-2018-20128 |
22 |
|
Dir. Trav. |
2018-12-13 |
2019-01-04 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. |
|
41 |
CVE-2018-20094 |
22 |
|
Dir. Trav. |
2018-12-12 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.java. |
|
42 |
CVE-2018-20092 |
22 |
|
Dir. Trav. |
2018-12-17 |
2019-01-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. |
|
43 |
CVE-2018-20064 |
22 |
|
Dir. Trav. |
2018-12-11 |
2018-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. |
|
44 |
CVE-2018-19859 |
22 |
|
Dir. Trav. |
2018-12-05 |
2018-12-26 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
OpenRefine before 3.5 allows directory traversal via a relative pathname in a ZIP archive. |
|
45 |
CVE-2018-19753 |
22 |
|
Dir. Trav. |
2018-12-05 |
2018-12-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Tarantella Enterprise before 3.11 allows Directory Traversal. |
|
46 |
CVE-2018-19748 |
22 |
|
Dir. Trav. |
2018-11-29 |
2018-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). |
|
47 |
CVE-2018-19666 |
22 |
|
Dir. Trav. |
2018-11-29 |
2019-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. |
|
48 |
CVE-2018-19328 |
22 |
|
Dir. Trav. |
2018-11-17 |
2018-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. |
|
49 |
CVE-2018-19326 |
22 |
|
Dir. Trav. |
2018-11-17 |
2018-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. |
|
50 |
CVE-2018-19228 |
22 |
|
Dir. Trav. |
2018-11-12 |
2018-12-11 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation. |
