Total: 7089 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5539 | 1 B2evolution | 1 B2evolution | 2025-04-20 | 9.0 HIGH | 9.1 CRITICAL |
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. | |||||
CVE-2017-5163 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. | |||||
CVE-2017-16806 | 1 Ulterius | 1 Ulterius Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||||
CVE-2015-8309 | 1 Fomori | 1 Cherrymusic | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | |||||
CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
CVE-2016-8207 | 1 Brocade | 1 Network Advisor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | |||||
CVE-2017-11440 | 1 Sitecore | 1 Cms | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | |||||
CVE-2017-7258 | 1 Auromeera | 1 Emli | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | |||||
CVE-2017-5168 | 1 Hanwha-security | 1 Smart Security Manager | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. | |||||
CVE-2017-9829 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. | |||||
CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | |||||
CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | |||||
CVE-2016-9351 | 1 Advantech | 1 Susiaccess | 2025-04-20 | 6.0 MEDIUM | 7.0 HIGH |
An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | |||||
CVE-2017-8283 | 1 Debian | 1 Dpkg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
CVE-2017-6527 | 1 Dnatools | 1 Dnalims | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter). | |||||
CVE-2017-8115 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | |||||
CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||||
CVE-2016-9364 | 1 Fidelex | 4 Fx-2030a-basic Controller, Fx-2030a-basic Firmware, Fx-2030a Controller and 1 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server. | |||||
CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2025-04-20 | 6.4 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. | |||||
CVE-2015-4074 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. |