Search
Total
1401 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | |||||
| CVE-2017-16135 | 1 Serverzyy Project | 1 Serverzyy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16134 | 1 Http Static Simple Project | 1 Http Static Simple | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16133 | 1 Goserv Project | 1 Goserv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16132 | 1 Simple-npm-registry Project | 1 Simple-npm-registry | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16131 | 1 Unicorn-list Project | 1 Unicorn-list | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16130 | 1 Exxxxxxxxxxx Project | 1 Exxxxxxxxxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. | |||||
| CVE-2017-16125 | 1 Rtcmulticonnection-client Project | 1 Rtcmulticonnection-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16123 | 1 Welcomyzt Project | 1 Welcomyzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16122 | 1 Cuciuci Project | 1 Cuciuci | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16121 | 1 Datachannel-client Project | 1 Datachannel-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16120 | 1 Liyujing Project | 1 Liyujing | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16110 | 1 Weather.swlyons Project | 1 Weather.swlyons | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16108 | 1 Gaoxiaotingtingting Project | 1 Gaoxiaotingtingting | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16107 | 1 Pooledwebsocket Project | 1 Pooledwebsocket | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16106 | 1 Tmock Project | 1 Tmock | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16105 | 1 Serverwzl Project | 1 Serverwzl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16104 | 1 Citypredict.whauwiller Project | 1 Citypredict.whauwiller | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16103 | 1 Serveryztyzt Project | 1 Serveryztyzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16102 | 1 Serverhuwenhui Project | 1 Serverhuwenhui | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16101 | 1 Serverwg Project | 1 Serverwg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16097 | 1 Tiny-http Project | 1 Tiny-http | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16096 | 1 Serveryaozeyan Project | 1 Serveryaozeyan | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16095 | 1 Serverliujiayi1 Project | 1 Serverliujiayi1 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16094 | 1 Iter-http Project | 1 Iter-http | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16093 | 1 Cyber-js Project | 1 Cyber-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16092 | 1 Sencisho Project | 1 Sencisho | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16091 | 1 Xtalk Project | 1 Xtalk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16090 | 1 Fsk-server Project | 1 Fsk-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16085 | 1 Tinyserver2 Project | 1 Tinyserver2 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16039 | 1 Hftp Project | 1 Hftp | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16037 | 1 Gomeplus-h5-proxy Project | 1 Gomeplus-h5-proxy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | |||||
| CVE-2017-16036 | 1 Badjs-sourcemap-server Project | 1 Badjs-sourcemap-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16029 | 1 Hostr Project | 1 Hostr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests. | |||||
| CVE-2017-12694 | 1 Spidercontrol | 1 Scada Web Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | |||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-12263 | 1 Cisco | 1 License Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. | |||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||||
| CVE-2016-9484 | 1 Jqueryform | 1 Php Formmail Generator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. | |||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.6 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-5436 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-10068 | 1 Hapi | 1 Inert | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | |||||
| CVE-2019-17311 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | |||||