Total
8097 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | |||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||||
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | |||||
| CVE-2016-6126 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | |||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | |||||
| CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | |||||
| CVE-2016-10400 | 1 Atutor | 1 Atutor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | |||||
| CVE-2017-2706 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. | |||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | |||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||||
| CVE-2017-7675 | 1 Apache | 1 Tomcat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | |||||
| CVE-2017-9428 | 2 Bigtreecms, Microsoft | 2 Bigtree Cms, Windows | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | |||||
| CVE-2017-16877 | 1 Zeit | 1 Next.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | |||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | |||||
| CVE-2017-6821 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-4314 | 1 Wso2 | 1 Carbon | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. | |||||
| CVE-2014-8676 | 1 Soplanning | 1 Soplanning | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | |||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||