Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16903 | 1 Lvyecms Project | 1 Lvyecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. | |||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | |||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | |||||
| CVE-2015-1198 | 1 Linux-ha | 1 Ha | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | |||||
| CVE-2016-6600 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. | |||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | |||||
| CVE-2017-15607 | 1 Inedo | 1 Otter | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | |||||
| CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | |||||
| CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||||
| CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | |||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | |||||
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | |||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-8805 | 1 Debian | 1 Ftpsync | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | |||||
| CVE-2017-14196 | 1 Squiz | 1 Matrix | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | |||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | |||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | |||||
| CVE-2014-8704 | 1 Wondercms | 1 Wondercms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | |||||
| CVE-2015-4181 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | |||||