| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service. |
| The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal. |
| cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. |
| The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a Subscriber. |
| Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. |
| A Path traversal exists in http_server which allows an attacker to read arbitrary system files. |
| A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory. |
| comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory. |
| Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin. |
| Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler. |
| jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. |
| Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. |
| The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal. |
| The ad-inserter plugin before 2.4.20 for WordPress has path traversal. |
| MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication. |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. |
| An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. |
