• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2019-14798

February 26, 2023 by

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

CVE-2019-14751

February 26, 2023 by

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

CVE-2019-14766

February 26, 2023 by

Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem.

CVE-2019-14767

February 26, 2023 by

In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server.

CVE-2019-14768

February 26, 2023 by

An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.

CVE-2019-14700

February 26, 2023 by

An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via Path Traversal in HTTPD. This occurs because the filename specified in the TZ parameter is accessed with a substantial delay if that file exists.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 298
  • Go to page 299
  • Go to page 300
  • Go to page 301
  • Go to page 302
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE