Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37500 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-03 | N/A | 8.1 HIGH |
| Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server. | |||||
| CVE-2025-25371 | 1 Nasa | 1 Cfs | 2025-04-03 | N/A | 7.5 HIGH |
| NASA cFS (Core Flight System) Aquila is vulnerable to path traversal in the OSAL module, allowing the override of any arbitrary file on the system. | |||||
| CVE-2022-46639 | 1 Correos | 1 Correos | 2025-04-03 | N/A | 7.5 HIGH |
| A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | |||||
| CVE-2022-46959 | 1 Sonic Project | 1 Sonic | 2025-04-03 | N/A | 4.3 MEDIUM |
| An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | |||||
| CVE-2022-25377 | 1 Appwrite | 1 Appwrite | 2025-04-03 | N/A | 7.5 HIGH |
| The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.) | |||||
| CVE-2024-9676 | 1 Redhat | 15 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 12 more | 2025-04-03 | N/A | 6.5 MEDIUM |
| A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | |||||
| CVE-2002-2233 | 1 Mollensoft Software | 1 Enceladus Server Suite | 2025-04-03 | 8.3 HIGH | N/A |
| Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..". | |||||
| CVE-2002-2154 | 1 Monkey-project | 1 Monkey | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||||
| CVE-2005-2371 | 1 Oracle | 1 Reports | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289. | |||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | |||||
| CVE-2004-2686 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. | |||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2025-04-03 | 5.1 MEDIUM | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | |||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
| CVE-2003-1501 | 1 Gast Arbeiter | 1 Gast Arbeiter | 2025-04-03 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | |||||
| CVE-2001-0780 | 1 Cosmicperl | 1 Directory Pro | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. | |||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2025-04-03 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||||
| CVE-2003-1351 | 1 Greg Billock | 1 Edittag | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | |||||
| CVE-2002-2387 | 1 Mollensoft Software | 1 Hyperion Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command. | |||||
| CVE-2006-0223 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | |||||
| CVE-2002-2416 | 1 Zeroo | 1 Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request. | |||||