Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5480 | 1 B2evolution | 1 B2evolution | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
|
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
|
|||||
| CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
|
|||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
|
|||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
|
|||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
|
|||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream.
|
|||||
| CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
|
|||||
| CVE-2015-1386 | 1 Unshield Project | 1 Unshield | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in unshield 1.0-1.
|
|||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
|
|||||
| CVE-2017-5966 | 1 Sitecore | 1 Crm | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
|
|||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
|
|||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
|
|||||
| CVE-2017-5899 | 1 S-nail Project | 1 S-nail | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
|
|||||
| CVE-2017-6527 | 1 Dnatools | 1 Dnalims | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
|
|||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
|
|||||
| CVE-2017-5946 | 2 Debian, Rubyzip Project | 2 Debian Linux, Rubyzip | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
|
|||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
|
|||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
|
|||||
| CVE-2016-4314 | 1 Wso2 | 1 Carbon | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
|
|||||
| CVE-2017-12263 | 1 Cisco | 1 License Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attac ...
Show More |
|||||
| CVE-2017-16759 | 1 Librenms | 1 Librenms | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
|
|||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scm ...
Show More |
|||||
| CVE-2017-1000062 | 1 Kitto Project | 1 Kitto | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
|
|||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
|
|||||
| CVE-2015-1876 | 1 Estrongs | 1 Es File Explorer | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in ES File Explorer 3.2.4.1.
|
|||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
|
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
|
|||||
| CVE-2017-14614 | 1 Gridgain | 1 Gridgain | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.
|
|||||
| CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2025-04-20 | 6.4 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP reque ...
Show More |
|||||
| CVE-2017-7461 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
|
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
|
|||||
| CVE-2017-8853 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
|
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
|
|||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
|
|||||
| CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2025-04-20 | 6.3 MEDIUM | 5.7 MEDIUM |
|
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
|
|||||
| CVE-2016-8207 | 1 Brocade | 1 Network Advisor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information.
|
|||||
| CVE-2017-10861 | 1 Qualitysoft | 1 Qnd Advance\/standard | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
|
|||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
|
|||||
| CVE-2016-7842 | 1 Hibara | 1 Attachecase | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
|
|||||
| CVE-2017-8921 | 1 Flightgear | 1 Flightgear | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.
|
|||||
| CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
|
|||||