Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9846 | 1 Magicwinmail | 1 Winmail Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
|
|||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | 6.8 MEDIUM | 9.8 CRITICAL |
|
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
|
|||||
| CVE-2013-7462 | 1 Mcafee | 1 Saas Control Console Platform | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
|
|||||
| CVE-2017-6636 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal te ...
Show More |
|||||
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in ppmd 10.1-5.
|
|||||
| CVE-2017-5541 | 1 Getsymphony | 1 Symphony | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
|
|||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
|
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-7358 | 2 Canonical, Lightdm Project | 2 Ubuntu Linux, Lightdm | 2025-04-20 | 6.9 MEDIUM | 7.3 HIGH |
|
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
|
|||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manage ...
Show More |
|||||
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2016-7135 | 1 Plone | 1 Plone | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.
|
|||||
| CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
|
|||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-15359 | 1 3cx | 1 3cx | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
|
|||||
| CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
|
|||||
| CVE-2017-15895 | 1 Synology | 1 Router Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
|
|||||
| CVE-2017-7693 | 1 Riverbed | 1 Opnet App Response Xpert | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
|
|||||
| CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
|
|||||
| CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
|
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
|
|||||
| CVE-2017-7442 | 1 Gonitro | 1 Nitro Pro | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
|
|||||
| CVE-2017-14754 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
|
|||||
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
|
|||||
| CVE-2017-15532 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | 5.5 MEDIUM | 5.7 MEDIUM |
|
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
|
|||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
|
|||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
|||||
| CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
|
|||||
| CVE-2017-15607 | 1 Inedo | 1 Otter | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
|
|||||
| CVE-2017-15363 | 1 Luracast | 1 Restler | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.
|
|||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
|
|||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
|
|||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.
|
|||||
| CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
|
|||||
| CVE-2014-8871 | 1 Sap | 1 Hybris | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.
|
|||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
|
|||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
|
|||||
| CVE-2017-11587 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.
|
|||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
|
|||||
| CVE-2015-8780 | 1 Samsung | 1 Kies | 2025-04-20 | 6.9 MEDIUM | 6.4 MEDIUM |
|
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
|
|||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
|
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
|
|||||
| CVE-2016-7843 | 1 Hibara Software | 3 Attachecase For Java, Attachecase Lite, Attachecase Pro | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
|
|||||