Vulnerabilities (CVE)

Filtered by CWE-22
Total 7108 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15359 1 3cx 1 3cx 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
CVE-2017-1000062 1 Kitto Project 1 Kitto 2025-04-20 5.0 MEDIUM 7.5 HIGH
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
CVE-2017-10974 1 Yaws 1 Yaws 2025-04-20 5.0 MEDIUM 7.5 HIGH
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
CVE-2017-5168 1 Hanwha-security 1 Smart Security Manager 2025-04-20 5.1 MEDIUM 7.5 HIGH
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
CVE-2015-5609 1 Image-export Project 1 Image-export 2025-04-20 6.4 MEDIUM 9.1 CRITICAL
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.
CVE-2017-12263 1 Cisco 1 License Manager 2025-04-20 5.0 MEDIUM 7.5 HIGH
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577.
CVE-2016-8205 1 Brocade 1 Network Advisor 2025-04-20 10.0 HIGH 9.8 CRITICAL
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVE-2014-5301 1 Manageengine 4 Assetexplorer, It360, Servicedesk Plus and 1 more 2025-04-20 9.0 HIGH 8.8 HIGH
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVE-2017-5229 1 Rapid7 1 Metasploit 2025-04-20 5.1 MEDIUM 7.1 HIGH
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
CVE-2017-2150 1 Booking Calendar Project 1 Booking Calendar 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.
CVE-2016-10367 1 Opsview 1 Opsview 2025-04-20 5.0 MEDIUM 7.5 HIGH
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.
CVE-2016-8913 1 Ibm 1 Kenexa Lms On Cloud 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVE-2017-8033 1 Cloudfoundry 2 Capi-release, Cf-release 2025-04-20 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.
CVE-2016-7843 1 Hibara Software 3 Attachecase For Java, Attachecase Lite, Attachecase Pro 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
CVE-2016-10330 1 Synology 1 Photo Station 2025-04-20 4.6 MEDIUM 7.1 HIGH
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
CVE-2017-14514 1 Tenda 2 W15e, W15e Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
CVE-2017-10931 1 Zte 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
CVE-2017-16929 1 Claymore Dual Miner Project 1 Claymore Dual Miner 2025-04-20 8.5 HIGH 8.1 HIGH
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.
CVE-2015-2856 1 Accellion 1 File Transfer Appliance 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.