• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2019-17187

February 26, 2023 by

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

CVE-2019-17199

February 26, 2023 by

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg.. substring.

CVE-2019-17109

February 26, 2023 by

Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation.

CVE-2019-17073

February 26, 2023 by

emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del&tpl=../ directory traversal.

CVE-2019-16985

February 26, 2023 by

In FusionPBX up to v4.5.7, the file appxml_cdrxml_cdr_delete.php uses an unsanitized “rec” variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.

CVE-2019-16986

February 26, 2023 by

In FusionPBX up to v4.5.7, the file resourcesdownload.php uses an unsanitized “f” variable coming from the URL, which takes any pathname and allows a download of it. (resourcessecure_download.php is also affected.)

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 288
  • Go to page 289
  • Go to page 290
  • Go to page 291
  • Go to page 292
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE