| Max CVSS | 6.6 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-9148 | 5.0 |
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171
|
28-05-2019 - 15:07 | 30-03-2018 - 19:29 | |
| CVE-2018-7171 | 5.0 |
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
|
20-04-2018 - 13:16 | 30-03-2018 - 21:29 | |
| CVE-2007-4781 | 6.6 |
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when
|
29-09-2017 - 01:29 | 10-09-2007 - 21:17 |