CVE & Exploit Intelligence Database

CVE-2018-18990 5.3 MEDIUM EPSS 0.04

LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process.

CWE-22 Feb 05, 2019

CVE-2018-12473 3.1 LOW EPSS 0.00

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0.

CWE-22 Oct 02, 2018

CVE-2018-14795 8.8 HIGH EPSS 0.02

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.

CWE-22 Aug 21, 2018

CVE-2018-10615 8.1 HIGH EPSS 0.02

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

CWE-22 Jun 04, 2018

CVE-2017-9664 9.8 CRITICAL EPSS 0.02

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy remote monitoring tools without any authorization over the network using a HTTP request which refers to files using ../../ relative paths. Once the internal password file is retrieved, the password hash can be identified using a brute force attack. There is also an exploit allowing running of commands after authorization.

CWE-22 May 24, 2018

CVE-2018-5448 4.8 MEDIUM EPSS 0.00

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

CWE-22 May 04, 2018

CVE-2017-0918 8.8 HIGH EPSS 0.06

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.

CWE-22 Mar 21, 2018

CVE-2017-13996 8.8 HIGH EPSS 0.02

A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.

CWE-22 Oct 05, 2017

CVE-2012-6069 10.0 CRITICAL EPSS 0.02

The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.

CWE-22 Jan 21, 2013

CVE-2012-5972 1 PoC Analysis EPSS 0.08

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.

CWE-22 Jan 17, 2013