Total
7186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15276 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2017-8841 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
| Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | |||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||||
| CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | |||||
| CVE-2016-4313 | 1 Extplorer | 1 Extplorer | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
| CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | |||||
| CVE-2017-5182 | 1 Novell | 1 Open Enterprise Server | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). | |||||
| CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 6.8 MEDIUM | 4.9 MEDIUM |
| EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | |||||
| CVE-2017-4980 | 1 Emc | 1 Isilon Onefs | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. | |||||
| CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | |||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | |||||
| CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | |||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | |||||
| CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2025-04-20 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. | |||||
| CVE-2017-5261 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | |||||
| CVE-2015-4181 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | |||||