• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2018-13332

February 26, 2023 by

Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the “path” URL parameter.

CVE-2018-13299

February 26, 2023 by

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

CVE-2018-1323

February 26, 2023 by

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy.

CVE-2018-1316

February 26, 2023 by

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

CVE-2018-13034

February 26, 2023 by

Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via “..%f” sequences.

CVE-2018-12939

February 26, 2023 by

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the “op/op.UploadChunks.php” “qquuid” parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 152
  • Go to page 153
  • Go to page 154
  • Go to page 155
  • Go to page 156
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE