Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7007 | 1 Avaya | 1 Aura Conferencing | 2020-03-06 | 5.0 MEDIUM | 8.6 HIGH |
| A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server. | |||||
| CVE-2018-7586 | 1 Imagely | 1 Nextgen Gallery | 2020-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | |||||
| CVE-2020-8810 | 1 Gurux | 1 Device Language Message Specification Director | 2020-03-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed. | |||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2020-03-03 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||||
| CVE-2014-7951 | 1 Google | 1 Android | 2020-02-25 | 2.1 LOW | 4.6 MEDIUM |
| Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. | |||||
| CVE-2015-6589 | 1 Kaseya | 1 Virtual System Administrator | 2020-02-25 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | |||||
| CVE-2020-9353 | 1 Smartclient | 1 Smartclient | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. | |||||
| CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2020-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | |||||
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2020-02-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | |||||
| CVE-2014-0598 | 1 Novell | 1 Open Enterprise Server | 2020-02-24 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. | |||||
| CVE-2017-5182 | 1 Novell | 1 Open Enterprise Server | 2020-02-24 | 7.8 HIGH | 7.5 HIGH |
| Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for Linux; it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, and OES11 SP2 before Maintenance Update 11077. | |||||
| CVE-2020-8996 | 1 Aishu | 1 Anyshare Cloud | 2020-02-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | |||||
| CVE-2014-9609 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. | |||||
| CVE-2020-1853 | 1 Huawei | 1 Gaussdb 200 | 2020-02-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| GaussDB 200 version 6.5.1 has a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploitation may cause information leakage. | |||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | |||||
| CVE-2020-8803 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | |||||
| CVE-2020-9029 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | |||||
| CVE-2020-9030 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | |||||
| CVE-2020-9031 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | |||||
| CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | |||||
| CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | |||||
| CVE-2014-9261 | 1 Codologic | 1 Codoforum | 2020-02-18 | 5.0 MEDIUM | N/A |
| The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | |||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2020-02-17 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||||
| CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | |||||
| CVE-2020-6768 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | |||||
| CVE-2009-5093 | 1 Php4scripte | 1 Gastebuch | 2020-02-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. | |||||
| CVE-2014-8478 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2020-02-10 | 7.8 HIGH | N/A |
| The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. | |||||
| CVE-2020-5720 | 1 Mikrotik | 1 Winbox | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherever WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man-in-the-middle attack. | |||||
| CVE-2020-6754 | 1 Dotcms | 1 Dotcms | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | |||||
| CVE-2020-8641 | 1 Lotus Core Cms Project | 1 Lotus Core Cms | 2020-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. | |||||
| CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2020-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | |||||
| CVE-2014-5236 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | |||||
| CVE-2020-8009 | 1 Motu | 21 112d, 1248, 16a and 18 more | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2019-4674 | 1 Ibm | 1 Security Identity Manager | 2020-02-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. | |||||
| CVE-2020-8545 | 1 Circl | 1 Ail Framework | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| Global.py in AIL framework 2.8 allows path traversal. | |||||
| CVE-2014-8799 | 1 Dukapress | 1 Dukapress | 2020-02-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. | |||||
| CVE-2018-12476 | 1 Suse | 3 Obs-service-tar Scm, Opensuse Factory, Suse Linux Enterprise Server | 2020-02-05 | 6.4 MEDIUM | 7.5 HIGH |
| Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74; openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | |||||
| CVE-2018-16836 | 1 Rubedo Project | 1 Rubedo | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. | |||||
| CVE-2013-6785 | 1 Supermicro | 1 Intelligent Platform Management Interface | 2020-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | |||||
| CVE-2012-6609 | 1 Polycom | 3 Hdx 8000, Hdx Video End Points, Uc Apl | 2020-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2013-4861 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2020-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2020-3717 | 1 Magento | 1 Magento | 2020-01-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2020-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2020-01-30 | 6.4 MEDIUM | 7.2 HIGH |
| In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11. | |||||
| CVE-2019-19893 | 1 Ixpdata | 1 Easyinstall | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM. | |||||
| CVE-2013-2474 | 1 Aws-dms | 1 Aws Xms | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. | |||||
| CVE-2014-8741 | 1 Lexmark | 1 Markvision Enterprise | 2020-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-8742 | 1 Lexmark | 1 Markvision Enterprise | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-6056 | 1 Alienvault | 1 Open Source Security Information Management | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| OSSIM before 4.3.3.1 has a path traversal vulnerability in tele_compress.php. | |||||
