Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16029 | 1 Hostr Project | 1 Hostr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests. | |||||
| CVE-2017-15712 | 1 Apache | 1 Oozie | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. | |||||
| CVE-2017-15684 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | |||||
| CVE-2017-15681 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. | |||||
| CVE-2017-15550 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. | |||||
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 9.9 CRITICAL |
| The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | |||||
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | |||||
| CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | |||||
| CVE-2017-12560 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
| CVE-2017-12559 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
| CVE-2017-10273 | 1 Oracle | 1 Jdeveloper | 2024-11-21 | 3.7 LOW | 4.7 MEDIUM |
| Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L). | |||||
| CVE-2017-1000501 | 2 Awstats, Debian | 2 Awstats, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | |||||
| CVE-2017-1000490 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | |||||
| CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | |||||
| CVE-2017-1000448 | 1 Structured-data | 1 Structured Data Linter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | |||||
| CVE-2017-0930 | 1 Augustine Project | 1 Augustine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
| CVE-2016-9484 | 1 Jqueryform | 1 Php Formmail Generator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. | |||||
| CVE-2016-7063 | 1 Pritunl | 1 Pritunl-client | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | |||||