Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | |||||
| CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 3.6 LOW | 6.0 MEDIUM |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | |||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | |||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-15079 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | |||||
| CVE-2015-0107 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | |||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||||
| CVE-2016-7825 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | |||||
| CVE-2015-1834 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container. | |||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | |||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | 6.8 MEDIUM | 9.8 CRITICAL |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | |||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||||
| CVE-2017-7240 | 1 Miele Professional | 2 Pg 8528, Pst10 Webserver | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24. | |||||
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||||
| CVE-2016-10173 | 1 Minitar | 2 Archive-tar-minitar, Minitar | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | |||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | |||||