Total
8373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | |||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | |||||
| CVE-2016-3151 | 1 Barco | 6 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. | |||||
| CVE-2014-5301 | 1 Manageengine | 4 Assetexplorer, It360, Servicedesk Plus and 1 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||||
| CVE-2017-9829 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. | |||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | |||||
| CVE-2016-4987 | 1 Jenkins | 1 Image Gallery | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | |||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-15894 | 1 Synology | 1 Diskstation Manager | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2013-7462 | 1 Mcafee | 1 Saas Control Console Platform | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. | |||||
| CVE-2014-8871 | 1 Sap | 1 Hybris | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | |||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||||
| CVE-2016-10048 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | |||||
| CVE-2015-8780 | 1 Samsung | 1 Kies | 2025-04-20 | 6.9 MEDIUM | 6.4 MEDIUM |
| Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. | |||||
| CVE-2017-10993 | 1 Contao | 1 Contao Cms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | |||||
| CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | |||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | |||||
| CVE-2016-5803 | 1 Ca Technologies | 1 Unified Infrastructure Management | 2025-04-20 | 7.5 HIGH | 8.6 HIGH |
| An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. | |||||
| CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| jqueryFileTree 2.1.5 and older Directory Traversal | |||||