2042 matches found
CVE-2019-17175
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
CVE-2019-17175
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
Path traversal
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
CVE-2019-17175
The CVE-2019-17175 vulnerability affects joyplus-cms version 1.6.0 and is caused by an absolute path traversal flaw in manager/admin_pic.php?rootpath=. This allows an attacker to access locations outside of a restricted directory. Metrics indicate a CVSS v2 base score of 5.0 (MEDIUM) with network...
CVE-2019-17175
joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...
Roundcube Webmail < 1.0.6, 1.1.x < 1.1.2 Directory Traversal Vulnerability
Roundcube Webmail is prone to a directory traversal vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Path traversal
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...
CVE-2019-12314
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...
Path traversal
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-8925
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-8925
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet via the parameter schFilePath, allows remote authenticated users to bypass intended SecurityManager...
CVE-2019-11515
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
CVE-2019-11515
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
Path traversal
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
CVE-2019-11515
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
CVE-2019-11515
Gila CMS 1.10.1 is affected by CVE-2019-11515 where core/classes/db_backup.php allows absolute path traversal via admin/db_backup?download=, enabling reading arbitrary files. This is documented across multiple sources (NVD/RH/NVD mirror/CVE lists). The root cause is a path traversal in the backup...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PYSEC-2019-5
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
PYSEC-2019-75
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...