Total
7089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16093 | 1 Cyber-js Project | 1 Cyber-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16092 | 1 Sencisho Project | 1 Sencisho | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16091 | 1 Xtalk Project | 1 Xtalk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16090 | 1 Fsk-server Project | 1 Fsk-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16085 | 1 Tinyserver2 Project | 1 Tinyserver2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16039 | 1 Hftp Project | 1 Hftp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16038 | 1 F2e-server Project | 1 F2e-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run. | |||||
| CVE-2017-16037 | 1 Gomeplus-h5-proxy Project | 1 Gomeplus-h5-proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | |||||
| CVE-2017-16036 | 1 Badjs-sourcemap-server Project | 1 Badjs-sourcemap-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16029 | 1 Hostr Project | 1 Hostr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests. | |||||
| CVE-2017-15712 | 1 Apache | 1 Oozie | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 and 5.0.0-beta1 to expose private files on the Oozie server process. The malicious user can construct a workflow XML file containing XML directives and configuration that reference sensitive files on the Oozie server host. | |||||
| CVE-2017-15684 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | |||||
| CVE-2017-15681 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. | |||||
| CVE-2017-15550 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. | |||||
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | |||||
| CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | |||||