Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2269 | 1 Webster | 1 Webster Http Server | 2017-07-29 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2002-2292 | 1 Halycon Software | 1 Iasp | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095. | |||||
| CVE-2002-2233 | 1 Mollensoft Software | 1 Enceladus Server Suite | 2017-07-29 | 8.3 HIGH | N/A |
| Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..". | |||||
| CVE-2003-1345 | 1 Follett Software | 1 Webcollection Plus | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | |||||
| CVE-2003-1349 | 1 Thomas Krebs | 1 Niteserver Ftpd | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | |||||
| CVE-2003-1351 | 1 Greg Billock | 1 Edittag | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | |||||
| CVE-2003-1373 | 1 Phpbb Group | 1 Phpbb | 2017-07-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php. | |||||
| CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | |||||
| CVE-2003-1413 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. | |||||
| CVE-2003-1414 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. | |||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | |||||
| CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | |||||
| CVE-2003-1465 | 1 Phorum | 1 Phorum | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | |||||
| CVE-2003-1499 | 1 Bytehoard | 1 Bytehoard | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. | |||||
| CVE-2003-1501 | 1 Gast Arbeiter | 1 Gast Arbeiter | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter. | |||||
| CVE-2003-1529 | 1 Seagull Software Systems | 1 J Walk Application Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | |||||
| CVE-2004-2749 | 1 2wire | 1 Homeportal | 2017-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | |||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||||
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2017-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | |||||
| CVE-2016-10106 | 1 Netgear | 8 Fvs318gv2, Fvs318gv2 Firmware, Fvs318n and 5 more | 2017-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file. | |||||
| CVE-2016-10400 | 1 Atutor | 1 Atutor | 2017-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | |||||
| CVE-2017-11456 | 1 Geneko | 8 Gwr202 Gprs Router, Gwr202 Gprs Router Firmware, Gwr252 Edge Router and 5 more | 2017-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | |||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2017-07-24 | 5.0 MEDIUM | 7.5 HIGH |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | |||||
| CVE-2017-11440 | 1 Sitecore | 1 Cms | 2017-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | |||||
| CVE-2006-5981 | 1 Biba Software | 1 Seleniumserver Ftp Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands. | |||||
| CVE-2006-5846 | 1 Freewebshop | 1 Freewebshop | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773. | |||||
| CVE-2006-5031 | 1 Cakefoundation | 1 Cakephp | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | |||||
| CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2017-07-20 | 7.6 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | |||||
| CVE-2006-1746 | 1 Tincan | 1 Phplist | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | |||||
| CVE-2006-1095 | 1 Apache | 1 Mod Python | 2017-07-20 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | |||||
| CVE-2006-0223 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | |||||
| CVE-2017-1000062 | 1 Kitto Project | 1 Kitto | 2017-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | |||||
| CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2017-07-17 | 6.8 MEDIUM | 4.9 MEDIUM |
| EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | |||||
| CVE-2015-1579 | 1 Elegant Themes | 1 Divi | 2017-07-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. | |||||
| CVE-2017-10974 | 1 Yaws | 1 Yaws | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product. | |||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2017-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | |||||
| CVE-2017-3851 | 1 Cisco | 1 Iox | 2017-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302. | |||||
| CVE-2017-6629 | 1 Cisco | 1 Unity Connection | 2017-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. | |||||
| CVE-2005-3347 | 1 Phpgroupware | 1 Phpgroupware | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346. | |||||
| CVE-2005-1925 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | |||||
| CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
| CVE-2001-1432 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2017-6636 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. | |||||
| CVE-2017-6652 | 1 Cisco | 1 Telepresence Ix5000 | 2017-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325. | |||||
| CVE-2017-6704 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-07-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. | |||||
| CVE-2017-9097 | 1 Hoytech | 1 Antiweb | 2017-07-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | |||||
| CVE-2017-9829 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. | |||||
| CVE-2015-0557 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2017-07-01 | 5.8 MEDIUM | N/A |
| Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2017-07-01 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||