yard before 0.9.20 allows path traversal.
Source: DWF
Max CVSS
7.5
EPSS Score
0.26%
Published
2019-07-29
Updated
2024-03-06
An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf WordPress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed that overrides the PDF file's path, so any PDF whose path is known and which is readable by the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null-terminating the string to the left of the file extension.
Source: DWF
Max CVSS
9.1
EPSS Score
0.51%
Published
2019-03-27
Updated
2023-02-28
LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request.
Source: DWF
Max CVSS
7.5
EPSS Score
1.08%
Published
2019-07-23
Updated
2019-07-26
zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.
Source: DWF
Max CVSS
9.8
EPSS Score
0.71%
Published
2019-07-19
Updated
2020-08-24
Helm ChartMuseum versions >=0.1.0 and <0.8.1 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the HTTP API used to save charts: a specially crafted chart could be uploaded and saved outside the intended location. A POST request to the HTTP API can save a chart archive outside of the intended directory. If authentication is (optionally) enabled, this requires an authorized user. This vulnerability appears to have been fixed in 0.8.1.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2019-02-04
Updated
2019-02-08
All versions of Helm >=2.0.0 and <2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands `helm fetch --untar` and `helm lint some.tgz`: when chart archive files are unpacked, a file may be unpacked outside of the target directory. Exploitation requires that a victim run a helm command on a specially crafted chart archive. This vulnerability appears to have been fixed in 2.12.2.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.10%
Published
2019-02-04
Updated
2019-02-15
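The two Helm entries above are the archive form of the same bug: an entry name such as `../../.bashrc` is joined onto the extraction directory and written. The check below is an added example, not Helm's or ChartMuseum's own code; it resolves every member's destination (and the target of any symlink or hard link) and refuses the whole archive if any member would land outside the destination. The tarballs and the default destination `/srv/charts` are constructed for the example.

```python
"""Added example, not Helm's own code: pre-check archive members so that
unpacking a chart can never write outside the destination directory."""
import io
import os
import tarfile
import tempfile


def within(base: str, target: str) -> bool:
    """True if target (after resolving ".." and symlinks) is base or below it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(tf: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land outside dest, including via links or devices."""
    bad = []
    for m in tf.getmembers():
        target = os.path.join(dest, m.name)  # an absolute m.name replaces dest here
        if not within(dest, target) or m.isdev():
            bad.append(m.name)
        elif m.issym():
            # a symlink target is interpreted relative to the link's own directory
            if not within(dest, os.path.join(os.path.dirname(target), m.linkname)):
                bad.append(m.name)
        elif m.islnk():
            # a hard link target is relative to the archive root
            if not within(dest, os.path.join(dest, m.linkname)):
                bad.append(m.name)
    return bad


def check_chart(archive_bytes: bytes, dest: str = "/srv/charts") -> list:
    """Inspect an in-memory .tgz without extracting; dest need not exist
    (the default path is hypothetical)."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tf:
        return unsafe_members(tf, dest)


def safe_extract(archive_bytes: bytes, dest: str) -> list:
    """Extract only when no member escapes; returns the extracted names."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tf:
        bad = unsafe_members(tf, dest)
        if bad:
            raise ValueError("refusing to unpack, traversal entries: %s" % bad)
        os.makedirs(dest, exist_ok=True)
        tf.extractall(dest)
        return [m.name for m in tf.getmembers()]


def build_chart(entries: dict) -> bytes:
    """Constructed test data: a gzip tarball built from {name: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, text in entries.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


GOOD_CHART = build_chart({"mychart/Chart.yaml": "name: mychart\n",
                          "mychart/values.yaml": "replicas: 1\n"})
EVIL_CHART = build_chart({"mychart/Chart.yaml": "name: mychart\n",
                          "../../.bashrc": "echo pwned\n"})


def demo() -> dict:
    """Run both charts through safe_extract in a temporary directory."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        out["good"] = safe_extract(GOOD_CHART, os.path.join(d, "out"))
        try:
            safe_extract(EVIL_CHART, os.path.join(d, "out"))
            out["evil"] = "extracted"
        except ValueError as e:
            out["evil"] = str(e)
    return out


if __name__ == "__main__":
    print(demo())
```

The check is all-or-nothing on purpose: a symlink member that points outside is rejected even though a later member written through it would look fine lexically. On Python 3.12 and later, `tarfile.extractall(..., filter="data")` applies equivalent rules inside the library; the explicit pre-check is what you need when the archive library gives you no such filter.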
CVE-2019-20085
Known exploited
Public exploit
TVT NVMS-1000 devices allow GET /.. Directory Traversal.
Source: MITRE
Max CVSS
7.5
EPSS Score
69.01%
Published
2019-12-30
Updated
2023-01-20
CISA KEV Added
2021-11-03
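The TVT entry above is in CISA KEV and its exploit is simply a request whose target begins with `/..`, which is also the pattern behind the Fronius, Simplifile and Xfilesharing entries further down. The scanner below is an added example (not from any of these advisories or vendors) that pulls traversal attempts out of combined-format web server logs after undoing the encodings attackers use to slip past naive string matches: percent-encoding, double percent-encoding, backslashes and the `....//` form that survives a single `../` strip. The log lines are constructed for the example.

```python
"""Added example, not vendor code: flag requests whose target contains a
dot-dot segment after decoding the encodings attackers commonly use."""
import re
from urllib.parse import unquote

# Combined-log style lines, constructed for this example.
LOG_LINES = [
    '198.51.100.7 - - [30/Dec/2019:10:01:02 +0000] "GET /../../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [30/Dec/2019:10:01:03 +0000] "GET /..%2f..%2fwindows/win.ini HTTP/1.1" 200 92',
    '203.0.113.5 - - [30/Dec/2019:10:02:10 +0000] "GET /images/logo.png HTTP/1.1" 200 5120',
    '203.0.113.5 - - [30/Dec/2019:10:02:11 +0000] "GET /download?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0',
    '192.0.2.9 - - [30/Dec/2019:10:03:00 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 880',
    '192.0.2.9 - - [30/Dec/2019:10:03:01 +0000] "GET /static/....//....//etc/hosts HTTP/1.1" 404 0',
    '192.0.2.9 - - [30/Dec/2019:10:03:02 +0000] "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')
# A run of two or more dots forming its own segment, after a path separator
# or a query-parameter boundary ('=', '&', '?'): matches "/..", "=../", "/....//"
# but not "release..notes.html".
DOTDOT_RE = re.compile(r'(?:^|[/\\=&?])\.{2,}(?:[/\\]|$)')


def decode_target(target: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times (catches double encoding) and fold
    backslashes to slashes so Windows-style traversal is seen as well."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True if the decoded request target contains a dot-dot segment."""
    return DOTDOT_RE.search(decode_target(target)) is not None


def scan(lines) -> list:
    """Return (client_ip, status, decoded_target) for each traversal attempt."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        if is_traversal(target):
            hits.append((ip, int(status), decode_target(target)))
    return hits


if __name__ == "__main__":
    for ip, status, target in scan(LOG_LINES):
        print(ip, status, target)
```

Triage by status: a 403 or 404 is a probe, a 200 against a known-vulnerable product is the one to treat as a compromise. The query string is decoded and checked together with the path because several entries on this page (Fronius `filename=`, Xfilesharing `tmpl=`) carry the traversal in a parameter rather than the path.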
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
Source: MITRE
Max CVSS
10.0
EPSS Score
10.69%
Published
2019-12-27
Updated
2020-01-07
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
Source: MITRE
Max CVSS
7.2
EPSS Score
0.18%
Published
2019-12-17
Updated
2019-12-23
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.15%
Published
2019-12-18
Updated
2019-12-19
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler).
Source: MITRE
Max CVSS
9.8
EPSS Score
0.92%
Published
2019-12-13
Updated
2019-12-30
CVE-2019-19781
Known exploited
Public exploit
Used for ransomware
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Source: MITRE
Max CVSS
9.8
EPSS Score
97.54%
Published
2019-12-27
Updated
2023-01-20
CISA KEV Added
2021-11-03
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
Source: MITRE
Max CVSS
7.5
EPSS Score
4.09%
Published
2019-12-16
Updated
2019-12-23
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.12%
Published
2019-12-09
Updated
2019-12-17
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server.
Source: MITRE
Max CVSS
9.8
EPSS Score
3.34%
Published
2019-12-03
Updated
2021-07-21
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.
Source: MITRE
Max CVSS
8.6
EPSS Score
1.62%
Published
2019-12-03
Updated
2019-12-11
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.)
Source: MITRE
Max CVSS
9.1
EPSS Score
1.48%
Published
2019-12-11
Updated
2020-08-24
A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. NOTE: the discoverer later reported that there was not a "fully working exploit."
Source: MITRE
Max CVSS
7.5
EPSS Score
0.29%
Published
2019-11-28
Updated
2024-05-17
In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI.
Source: MITRE
Max CVSS
7.5
EPSS Score
4.08%
Published
2019-12-17
Updated
2021-07-21
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
Source: MITRE
Max CVSS
6.5
EPSS Score
1.47%
Published
2019-12-04
Updated
2019-12-16
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a default Ubuntu installation) creating a .ssh folder in the plex user's home directory via directory traversal, uploading an SSH authorized_keys file there, and logging into the host as the Plex user via SSH.
Source: MITRE
Max CVSS
8.8
EPSS Score
1.11%
Published
2019-12-19
Updated
2021-07-21
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.28%
Published
2019-11-14
Updated
2021-05-21
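The rack-cors entry pins down the root cause shared by most entries on this page: the check ran against the request path as written rather than its canonical form. The example below is added here and is not rack-cors or any other project's code; it compares three checkers on a constructed directory tree: a naive `startswith` on the joined string (passes `../`), `realpath` plus `startswith` (passes the sibling directory `public_private` because it shares the string prefix `public`), and `realpath` plus a component-wise `commonpath` comparison, which also rejects an embedded NUL, the trick the article2pdf entry describes for PHP before 5.3.

```python
"""Added example, not rack-cors code: why a path check must operate on the
canonical form. Three checkers are compared on constructed requests."""
import os
import tempfile


def naive_check(base: str, requested: str) -> bool:
    # Flawed: tests the uncanonicalised string, so "../" passes.
    return os.path.join(base, requested).startswith(base)


def prefix_check(base: str, requested: str) -> bool:
    # Better, still flawed: "/srv/public" is a string prefix of "/srv/public_private".
    return os.path.realpath(os.path.join(base, requested)).startswith(os.path.realpath(base))


def canonical_check(base: str, requested: str) -> bool:
    # Correct form: reject embedded NUL first (old PHP truncated the string
    # there), resolve ".." and symlinks, then compare path components.
    if "\x00" in requested:
        return False
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, requested))
    return os.path.commonpath([base_real, target]) == base_real


# Constructed requests against the "public" directory built in demo().
REQUESTS = [
    "notes.txt",                    # legitimate
    "../secret.txt",                # classic dot-dot
    "../public_private/keys.txt",   # sibling that shares the string prefix
    "link_to_secret",               # symlink inside public pointing outside
]


def demo() -> dict:
    """Build a temporary tree and run the three checks on each request.
    Each value is (naive, prefix, canonical); 'nul' holds only the canonical
    result, since realpath itself rejects NUL bytes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        os.makedirs(public)
        os.makedirs(os.path.join(root, "public_private"))
        for rel in ("public/notes.txt", "secret.txt", "public_private/keys.txt"):
            with open(os.path.join(root, rel), "w") as f:
                f.write("x\n")
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(public, "link_to_secret"))
        for req in REQUESTS:
            results[req] = (naive_check(public, req),
                            prefix_check(public, req),
                            canonical_check(public, req))
        results["nul"] = canonical_check(public, "notes.txt\x00.pdf")
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(repr(req), verdict)
```

Resolving symlinks before the containment check is a policy choice: it blocks the `link_to_secret` case, which is what you want for user-writable trees (the Plex and Roxy Fileman entries below are about attacker-created content), but a static file server that deliberately uses symlinks into a shared directory would need an allow-list of link targets instead.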
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
Source: MITRE
Max CVSS
7.5
EPSS Score
30.22%
Published
2019-11-13
Updated
2019-11-15
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists.
Source: MITRE
Max CVSS
5.3
EPSS Score
0.10%
Published
2019-11-12
Updated
2019-11-13
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
Source: MITRE
Max CVSS
7.8
EPSS Score
16.65%
Published
2019-11-29
Updated
2019-12-10
491 vulnerabilities found