Total
7106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||||
| CVE-2016-10173 | 1 Minitar | 2 Archive-tar-minitar, Minitar | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | |||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | |||||
| CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | |||||
| CVE-2017-3851 | 1 Cisco | 1 Iox | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | |||||
| CVE-2016-4986 | 1 Jenkins | 1 Tap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | |||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | |||||
| CVE-2017-2090 | 1 Cubecart | 1 Cubecart | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2695 | 1 Huawei | 2 Tit-al00, Tit-al00 Firmware | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| TIT-AL00C583B211 has a directory traversal vulnerability which allows an attacker to obtain the files in email application. | |||||
| CVE-2017-15359 | 1 3cx | 1 3cx | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. | |||||
| CVE-2017-1000062 | 1 Kitto Project | 1 Kitto | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | |||||
| CVE-2017-10974 | 1 Yaws | 1 Yaws | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product. | |||||
| CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
| CVE-2015-5609 | 1 Image-export Project | 1 Image-export | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | |||||
| CVE-2017-12263 | 1 Cisco | 1 License Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. | |||||
| CVE-2016-8205 | 1 Brocade | 1 Network Advisor | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | |||||
| CVE-2014-5301 | 1 Manageengine | 4 Assetexplorer, It360, Servicedesk Plus and 1 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||||