CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2019(Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-6500 Dir. Trav. 2019-01-21 2019-01-21
0.0
None ??? ??? ??? ??? ??? ???
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
2 CVE-2019-5887 22 Dir. Trav. 2019-01-10 2019-01-18
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can delete arbitrary files by using "../" directory traversal.
3 CVE-2019-3580 Dir. Trav. 2019-01-02 2019-01-02
0.0
None ??? ??? ??? ??? ??? ???
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file.
4 CVE-2018-1000406 Dir. Trav. 2019-01-09 2019-01-14
0.0
None ??? ??? ??? ??? ??? ???
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
5 CVE-2018-16202 Dir. Trav. 2019-01-09 2019-01-09
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
6 CVE-2018-16171 22 Exec Code Dir. Trav. 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.
7 CVE-2018-16170 22 Dir. Trav. 2019-01-09 2019-01-14
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.
8 CVE-2018-0705 22 Dir. Trav. 2019-01-09 2019-01-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
9 CVE-2018-0704 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
10 CVE-2018-0703 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
11 CVE-2018-0702 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
12 CVE-2015-9277 22 Dir. Trav. 2019-01-16 2019-01-17
7.5
None Remote Low Not required Partial Partial Partial
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
13 CVE-2015-9275 22 Dir. Trav. 2019-01-07 2019-01-10
5.0
None Remote Low Not required Partial None None
ARC 5.21q allows directory traversal via a full pathname in an archive file.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.