Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0729 | 1 Lingx | 1 Page Engine Cms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent_poll_include.php, (2) modules/login_include.php, and (3) modules/statistics_include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6610 | 1 Ott | 1 Phpcksec | 2017-08-17 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2.0 allows remote attackers to list arbitrary directories and read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2008-6126 | 1 Mozilo | 1 Mozilocms | 2017-08-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter to download.php and the (2) page parameter to index.php, a different vector than CVE-2008-3589. | |||||
| CVE-2008-7093 | 1 Unica | 1 Affinium Campaign | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to Campaign/CampaignListener. | |||||
| CVE-2017-6190 | 1 Dlink | 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. | |||||
| CVE-2017-7358 | 2 Canonical, Lightdm Project | 2 Ubuntu Linux, Lightdm | 2017-08-16 | 6.9 MEDIUM | 7.3 HIGH |
| In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out. | |||||
| CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2017-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. | |||||
| CVE-2017-7240 | 1 Miele Professional | 2 Pg 8528, Pst10 Webserver | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24. | |||||
| CVE-2016-1429 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Wireless-n Multifunction Vpn Router and 1 more | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. | |||||
| CVE-2017-6527 | 1 Dnatools | 1 Dnalims | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter). | |||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2017-08-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2017-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | |||||
| CVE-2017-12586 | 1 Slims | 1 Akasia | 2017-08-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | |||||
| CVE-2017-8841 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-13 | 7.5 HIGH | 8.1 HIGH |
| Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | |||||
| CVE-2016-9351 | 1 Advantech | 1 Susiaccess | 2017-08-12 | 6.0 MEDIUM | 7.0 HIGH |
| An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | |||||
| CVE-2008-5645 | 1 Orb Networks | 1 Orb | 2017-08-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request. | |||||
| CVE-2008-5175 | 1 Visicommedia | 1 Aceftp | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-5207 | 1 Jonascms | 1 Jonascms | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5275 | 1 Net2ftp | 1 Net2ftp | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file. | |||||
| CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2017-08-08 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. | |||||
| CVE-2008-5723 | 1 Cgi-rescue | 2 Kannibbs2000, Kannibbs2000i | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2008-5867 | 1 Yerba | 1 Yerba | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in the base64-encoded SID parameter to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5943 | 1 Navboard | 1 Navboard | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter to (1) admin_modules.php and (2) modules.php. | |||||
| CVE-2008-5997 | 1 Ocp2 | 1 Omnicom Content Platform | 2017-08-08 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in admin/fileKontrola/browser.asp in Omnicom Content Platform (OCP) 2.0 allows remote attackers to list arbitrary directories via a full pathname in the root parameter. | |||||
| CVE-2008-4499 | 1 Php Web Explorer | 1 Php Web Explorer Lite | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php. | |||||
| CVE-2008-4040 | 1 Kyocera Mita | 1 Fs 118mfp | 2017-08-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-3776 | 1 Fujitsu | 1 Web Based Admin View | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-4769 | 1 Wordpress | 1 Wordpress | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3723 | 1 Phpizabi | 1 Phpizabi | 2017-08-08 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3710 | 1 Hotscripts | 1 Cyboards Php Lite | 2017-08-08 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation. | |||||
| CVE-2008-4797 | 1 Arihiro Kurta | 1 Kantan Web Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2008-3677 | 1 Openfreeway | 1 Freeway | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors. | |||||
| CVE-2008-4129 | 1 Gallery | 1 Gallery | 2017-08-08 | 4.0 MEDIUM | N/A |
| Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality. | |||||
| CVE-2008-4437 | 1 Mozilla | 1 Bugzilla | 2017-08-08 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element. | |||||
| CVE-2008-4489 | 1 Atarone | 1 Atarone | 2017-08-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3163 | 1 Regretless | 1 Dodos Mail | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2795 | 1 Idm Computer Solutions Inc | 1 Ultraedit | 2017-08-08 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command. | |||||
| CVE-2008-3333 | 1 Mantis | 1 Mantis | 2017-08-08 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | |||||
| CVE-2008-2822 | 1 3dftp | 1 3d-ftp Client | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command. | |||||
| CVE-2008-2894 | 1 Nch Software | 1 Nch Software Classic Ftp | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-2635 | 1 Barad Dur | 1 Bitkinex | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the BitKinex WebDAV client. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-3562 | 1 Chupix | 2 Chupix Cms, Cms Contact Module | 2017-08-08 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2821 | 2 Glub, Microsoft | 2 Secure Ftp, Windows Nt | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | |||||
| CVE-2008-3296 | 1 Xoops | 1 Xoops | 2017-08-08 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2519 | 1 Core Ftp | 1 Core Ftp | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2512 | 1 Symantec | 1 Backupexec System Recovery | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Symantec Backup Exec System Recovery Manager 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2008-3312 | 1 Lemoncms | 1 Lemon Cms | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor. | |||||
| CVE-2008-2415 | 1 Digitalhive | 1 Digitalhive | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in template/purpletech/base_include.php in DigitalHive (aka hive) 2.0 RC2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-2403 | 1 Sun | 1 Java Asp Server | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in unspecified ASP applications in Sun Java Active Server Pages (ASP) Server before 4.0.3 allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the Path parameter to the MapPath method. | |||||
| CVE-2008-2399 | 2 Fireftp, Mozilla | 2 Fireftp, Firefox | 2017-08-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||