Total: 4706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16155 | 1 Fast-http-cli Project | 1 Fast-http-cli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16157 | 1 Censorify.tanisjr Project | 1 Censorify.tanisjr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16164 | 1 Desafio Project | 1 Desafio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files. | |||||
| CVE-2017-16143 | 1 Commentapp.stetsonwood Project | 1 Commentapp.stetsonwood | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16135 | 1 Serverzyy Project | 1 Serverzyy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | |||||
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16144 | 1 Myserver.alexcthomas18 Project | 1 Myserver.alexcthomas18 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16154 | 1 Earlybird Project | 1 Earlybird | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16133 | 1 Goserv Project | 1 Goserv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16131 | 1 Unicorn-list Project | 1 Unicorn-list | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16172 | 1 Section2.madisonjbrooks12 Project | 1 Section2.madisonjbrooks12 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16134 | 1 Http Static Simple Project | 1 Http Static Simple | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16177 | 1 Chatbyvista Project | 1 Chatbyvista | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16169 | 1 Looppake Project | 1 Looppake | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16168 | 1 Wffserve Project | 1 Wffserve | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16145 | 1 Sspa Project | 1 Sspa | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16173 | 1 Utahcityfinder Project | 1 Utahcityfinder | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16165 | 1 Calmquist.static-server Project | 1 Calmquist.static-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16123 | 1 Welcomyzt Project | 1 Welcomyzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16175 | 1 Ewgaddis.lab6 Project | 1 Ewgaddis.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16130 | 1 Exxxxxxxxxxx Project | 1 Exxxxxxxxxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. | |||||
| CVE-2017-16156 | 1 Myprolyz Project | 1 Myprolyz | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16174 | 1 Whispercast Project | 1 Whispercast | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16125 | 1 Rtcmulticonnection-client Project | 1 Rtcmulticonnection-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | |||||
| CVE-2017-12694 | 1 Spidercontrol | 1 Scada Web Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | |||||
| CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2019-10-09 | 6.4 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. | |||||
| CVE-2017-12263 | 1 Cisco | 1 License Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. | |||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | |||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | |||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | |||||
| CVE-2017-11162 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-0930 | 1 Augustine Project | 1 Augustine | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
| CVE-2016-9484 | 1 Jqueryform | 1 Php Formmail Generator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. | |||||
| CVE-2016-7041 | 1 Redhat | 2 Jboss Brms, Jboss Drools | 2019-10-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | |||||
| CVE-2016-10561 | 1 Bitty Project | 1 Bitty | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests. | |||||
| CVE-2016-10528 | 1 Restafary Project | 1 Restafary | 2019-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. | |||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | |||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2019-10-09 | 4.6 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-5436 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-2611 | 1 Hp | 1 Executive Scorecard | 2019-10-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120. | |||||
| CVE-2014-10068 | 1 Hapi | 1 Inert | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | |||||
| CVE-2011-4168 | 1 Hp | 1 Managed Printing Administration | 2019-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | |||||
| CVE-2011-4166 | 1 Hp | 1 Managed Printing Administration | 2019-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | |||||
| CVE-2009-4000 | 1 Hp | 1 Power Manager | 2019-10-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter. | |||||
| CVE-2019-17311 | 1 Sugarcrm | 1 Sugarcrm | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user. | |||||
