Total
7186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | |||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | |||||
| CVE-2015-0107 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | |||||
| CVE-2016-8933 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | |||||
| CVE-2017-5966 | 1 Sitecore | 1 Crm | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | |||||
| CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | |||||
| CVE-2014-9983 | 1 Rarlab | 1 Rar | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | |||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796. | |||||
| CVE-2017-14722 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | |||||
| CVE-2017-3980 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | |||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | |||||
| CVE-2017-6527 | 1 Dnatools | 1 Dnalims | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter). | |||||
| CVE-2017-9024 | 1 Secure-bytes | 1 Secure Cisco Auditor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | |||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2025-04-20 | 4.6 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-6126 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2017-10861 | 1 Qualitysoft | 1 Qnd Advance\/standard | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | |||||
| CVE-2016-8211 | 1 Dell | 1 Emc Data Protection Advisor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.5 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | |||||
| CVE-2017-6510 | 1 Efssoft | 1 Easy File Sharing Ftp Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | |||||