Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796. | |||||
| CVE-2017-6020 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 4.0 MEDIUM | 5.3 MEDIUM |
| Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. | |||||
| CVE-2017-5261 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2019-10-09 | 4.0 MEDIUM | 8.8 HIGH |
| In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | |||||
| CVE-2017-3188 | 1 Dotcms | 1 Dotcms | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for writing files to arbitrary directories on the file system. These archives may be uploaded directly via the administrator panel, or using the CSRF vulnerability (CVE-2017-3187). An unauthenticated remote attacker may perform actions with the dotCMS administrator panel with the same permissions of a victim user or execute arbitrary system commands with the permissions of the user running the dotCMS application. | |||||
| CVE-2017-2595 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows an authenticated user to read arbitrary files via path traversal. | |||||
| CVE-2017-1749 | 1 Ibm | 1 Urbancode Deploy | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. | |||||
| CVE-2017-2594 | 1 Hawt | 1 Hawtio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. | |||||
| CVE-2017-16720 | 1 Advantech | 1 Webaccess | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. | |||||
| CVE-2017-15893 | 1 Synology | 1 File Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | |||||
| CVE-2017-16199 | 1 Susu-sum Project | 1 Susu-sum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16110 | 1 Weather.swlyons Project | 1 Weather.swlyons | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16106 | 1 Tmock Project | 1 Tmock | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16123 | 1 Welcomyzt Project | 1 Welcomyzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16142 | 1 Infraserver Project | 1 Infraserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16092 | 1 Sencisho Project | 1 Sencisho | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16219 | 1 Yttivy Project | 1 Yttivy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16189 | 1 Sly07 Project | 1 Sly07 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16193 | 1 Mfrs Project | 1 Mfrs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16109 | 1 Easyquick Project | 1 Easyquick | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error. | |||||
| CVE-2017-16172 | 1 Section2.madisonjbrooks12 Project | 1 Section2.madisonjbrooks12 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16180 | 1 Serverabc Project | 1 Serverabc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16191 | 1 Cypserver Project | 1 Cypserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16107 | 1 Pooledwebsocket Project | 1 Pooledwebsocket | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16218 | 1 Dgard8.lab6 Project | 1 Dgard8.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16213 | 1 Mfrserver Project | 1 Mfrserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16211 | 1 Lessindex Project | 1 Lessindex | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16223 | 1 Nodeaaaaa Project | 1 Nodeaaaaa | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16222 | 1 Elding Project | 1 Elding | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js. | |||||
| CVE-2017-16210 | 1 Jn Jj Server Project | 1 Jn Jj Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16179 | 1 Dasafio Project | 1 Dasafio | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16195 | 1 Pytservce Project | 1 Pytservce | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16104 | 1 Citypredict.whauwiller Project | 1 Citypredict.whauwiller | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16196 | 1 Quickserver Project | 1 Quickserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16200 | 1 Uv-tj-demo Project | 1 Uv-tj-demo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16209 | 1 Enserver Project | 1 Enserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16212 | 1 Ltt Project | 1 Ltt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16187 | 1 Open-device Project | 1 Open-device | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16192 | 1 Getcityapi.yoehoehne Project | 1 Getcityapi.yoehoehne | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16101 | 1 Serverwg Project | 1 Serverwg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16135 | 1 Serverzyy Project | 1 Serverzyy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16186 | 1 360class.jansenhm Project | 1 360class.jansenhm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16221 | 1 Yzt Project | 1 Yzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16214 | 1 Peiserver Project | 1 Peiserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16215 | 1 Sgqserve Project | 1 Sgqserve | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16216 | 1 Tencent-server Project | 1 Tencent-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16166 | 1 Byucslabsix Project | 1 Byucslabsix | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16170 | 1 Liuyaserver Project | 1 Liuyaserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
