Total: 7723 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1429 | 1 Cybelesoft | 1 Thinfinity Remote Desktop Workstation | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2016-8206 | 1 Brocade | 1 Network Advisor | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files. | |||||
| CVE-2017-5231 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 5.1 MEDIUM | 7.1 HIGH |
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
| CVE-2015-8283 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | |||||
| CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2025-04-20 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. | |||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | |||||
| CVE-2017-7433 | 1 Micro Focus | 1 Vibe | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default). | |||||
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | |||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796. | |||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | |||||
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | |||||
| CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. | |||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2013-7462 | 1 Mcafee | 1 Saas Control Console Platform | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. | |||||
| CVE-2017-5946 | 2 Debian, Rubyzip Project | 2 Debian Linux, Rubyzip | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. | |||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, a monitoring system of ZTE energy product, are impacted by a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | |||||
| CVE-2017-9846 | 1 Magicwinmail | 1 Winmail Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | |||||
| CVE-2017-15527 | 1 Symantec | 1 Management Console | 2025-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
| Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. | |||||
