Total: 8097 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | |||||
| CVE-2017-16806 | 1 Ulterius | 1 Ulterius Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||||
| CVE-2017-1000028 | 1 Oracle | 1 Glassfish Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request. | |||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | 6.8 MEDIUM | 9.8 CRITICAL |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | |||||
| CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | |||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | |||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-9357 | 1 Eaton | 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | |||||
| CVE-2017-7240 | 1 Miele Professional | 2 Pg 8528, Pst10 Webserver | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens on port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24. | |||||
| CVE-2017-5966 | 1 Sitecore | 1 Crm | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | |||||
| CVE-2017-6805 | 1 Mobatek | 1 Mobaxterm | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | |||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | |||||
| CVE-2015-7270 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | |||||
| CVE-2017-14196 | 1 Squiz | 1 Matrix | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | |||||
| CVE-2017-6704 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. | |||||
| CVE-2017-17715 | 1 Telegram | 1 Telegram Messenger | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | |||||
| CVE-2016-7569 | 1 Docker2aci Project | 1 Docker2aci | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||||
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | |||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-5899 | 1 S-nail Project | 1 S-nail | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. | |||||
