Total
6979 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12586 | 1 Slims | 1 Akasia | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | |||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | |||||
| CVE-2017-10931 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | |||||
| CVE-2016-9351 | 1 Advantech | 1 Susiaccess | 2025-04-20 | 6.0 MEDIUM | 7.0 HIGH |
| An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | |||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||||
| CVE-2017-15893 | 1 Synology | 1 File Station | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2017-5229 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | 5.1 MEDIUM | 7.1 HIGH |
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | |||||
| CVE-2017-15276 | 1 Opentext | 1 Documentum Content Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2017-8841 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2025-04-20 | 7.5 HIGH | 8.1 HIGH |
| Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | |||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||||
| CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | |||||
| CVE-2016-4313 | 1 Extplorer | 1 Extplorer | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
| CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | |||||
| CVE-2017-5182 | 1 Novell | 1 Open Enterprise Server | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). | |||||