Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20505 | 1 Google | 1 Android | 2025-04-21 | N/A | 6.7 MEDIUM |
|
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitationProduct: AndroidVersions: Android-13Android ID: A-225981754
|
|||||
| CVE-2017-10974 | 1 Yaws | 1 Yaws | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
|
|||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
|
|||||
| CVE-2016-7825 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
|
|||||
| CVE-2015-8283 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
|
|||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code
|
|||||
| CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
jqueryFileTree 2.1.5 and older Directory Traversal
|
|||||
| CVE-2017-1577 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
|
|||||
| CVE-2017-10993 | 1 Contao | 1 Contao Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
|
|||||
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
|
|||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-9428 | 2 Bigtreecms, Microsoft | 2 Bigtree Cms, Windows | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
|
|||||
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.
|
|||||
| CVE-2016-9351 | 1 Advantech | 1 Susiaccess | 2025-04-20 | 6.0 MEDIUM | 7.0 HIGH |
|
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
|
|||||
| CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
|
|||||
| CVE-2014-3702 | 1 Redhat | 1 Edeploy | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
|
|||||
| CVE-2017-5182 | 1 Novell | 1 Open Enterprise Server | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
|
|||||
| CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
|
|||||
| CVE-2014-8676 | 1 Soplanning | 1 Soplanning | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
|
|||||
| CVE-2017-2829 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
|
|||||
| CVE-2016-5725 | 2 Jcraft, Microsoft | 2 Jsch, Windows | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
|
|||||
| CVE-2017-11456 | 1 Geneko | 8 Gwr202 Gprs Router, Gwr202 Gprs Router Firmware, Gwr252 Edge Router and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
|
|||||
| CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.
|
|||||
| CVE-2017-9030 | 1 Codextrous | 1 B2j Contact | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.
|
|||||
| CVE-2015-4180 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.
|
|||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
|
|||||
| CVE-2017-5539 | 1 B2evolution | 1 B2evolution | 2025-04-20 | 9.0 HIGH | 9.1 CRITICAL |
|
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists.
|
|||||
| CVE-2017-5261 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
|
|||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter.
|
|||||
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.
|
|||||
| CVE-2014-9983 | 1 Rarlab | 1 Rar | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
|
|||||
| CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-04-20 | 4.0 MEDIUM | 5.0 MEDIUM |
|
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-7826 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
|
|||||
| CVE-2015-0269 | 1 Contao | 1 Contao Cms | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
|
|||||
| CVE-2017-6629 | 1 Cisco | 1 Unity Connection | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.
|
|||||
| CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
|
|||||
| CVE-2016-6600 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
|
|||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
|
|||||
| CVE-2017-8115 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
|
|||||
| CVE-2017-5228 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 5.1 MEDIUM | 7.1 HIGH |
|
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
|
|||||