Total
7161 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000550 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2024-11-21 | N/A |
| The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. | ||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 4 Debian Linux, Cloudforms, Cloudforms Managementengine and 1 more | 2024-11-21 | 9.8 Critical |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | ||||
| CVE-2018-1000532 | 1 Beep Project | 1 Beep | 2024-11-21 | N/A |
| beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. | ||||
| CVE-2018-1000406 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | ||||
| CVE-2018-1000208 | 1 Modx | 1 Modx Revolution | 2024-11-21 | N/A |
| MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | ||||
| CVE-2018-1000194 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 8.1 High |
| A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. | ||||
| CVE-2018-1000175 | 1 Jenkins | 1 Html Publisher | 2024-11-21 | N/A |
| A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. | ||||
| CVE-2018-1000161 | 1 Nmap | 1 Nmap | 2024-11-21 | N/A |
| nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | ||||
| CVE-2018-1000083 | 1 Ajenti | 1 Ajenti | 2024-11-21 | N/A |
| Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server. | ||||
| CVE-2018-1000079 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-1000073 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-11-21 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-0722 | 1 Qnap | 2 Photo Station, Qts | 2024-11-21 | N/A |
| Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | ||||
| CVE-2018-0705 | 1 Cybozu | 1 Dezie | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests. | ||||
| CVE-2018-0704 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | ||||
| CVE-2018-0703 | 1 Cybozu | 1 Office | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. | ||||
| CVE-2018-0702 | 1 Cybozu | 1 Mailwise | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors. | ||||
| CVE-2018-0693 | 1 Soliton | 1 Filezen | 2024-11-21 | N/A |
| Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | ||||
| CVE-2018-0673 | 1 Cybozu | 1 Garoon | 2024-11-21 | N/A |
| Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-0660 | 1 Hibara | 1 Attachecase | 2024-11-21 | N/A |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file. | ||||
| CVE-2018-0659 | 1 Hibara | 1 Attachecase | 2024-11-21 | N/A |
| Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. | ||||