Total: 7089 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12560 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
CVE-2017-12559 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | |||||
CVE-2017-10273 | 1 Oracle | 1 Jdeveloper | 2024-11-21 | 3.7 LOW | 4.7 MEDIUM |
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L). | |||||
CVE-2017-1000501 | 2 Awstats, Debian | 2 Awstats, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | |||||
CVE-2017-1000490 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | |||||
CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | |||||
CVE-2017-1000448 | 1 Structured-data | 1 Structured Data Linter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | |||||
CVE-2017-0930 | 1 Augustine Project | 1 Augustine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
CVE-2016-9484 | 1 Jqueryform | 1 Php Formmail Generator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. | |||||
CVE-2016-7063 | 1 Pritunl | 1 Pritunl-client | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | |||||
CVE-2016-7041 | 1 Redhat | 2 Jboss Brms, Jboss Drools | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | |||||
CVE-2016-15038 | | | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | |||||
CVE-2016-15023 | 1 Sitefusion | 1 Application Server | 2024-11-21 | 2.7 LOW | 3.5 LOW |
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | |||||
CVE-2016-15019 | 1 Jekbox Project | 1 Jekbox | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375. | |||||
CVE-2016-15017 | 1 Ecodev | 1 Media Upload | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability. | |||||
CVE-2016-10977 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. | |||||
CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | |||||
CVE-2016-10965 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. | |||||
CVE-2016-10924 | 1 Zedna Ebook Download Project | 1 Zedna Ebook Download | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The ebook-download plugin before 1.2 for WordPress has directory traversal. |