Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2017-06-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | |||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2017-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. | |||||
| CVE-2016-7825 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | |||||
| CVE-2016-7826 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | |||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2017-06-14 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | |||||
| CVE-2016-7802 | 1 Cybozu | 1 Garoon | 2017-06-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2017-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | |||||
| CVE-2014-9983 | 1 Rarlab | 1 Rar | 2017-06-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | |||||
| CVE-2017-9416 | 1 Odoo | 1 Odoo | 2017-06-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | |||||
| CVE-2015-0269 | 1 Contao | 1 Contao Cms | 2017-06-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors. | |||||
| CVE-2015-5609 | 1 Image-export Project | 1 Image-export | 2017-06-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | |||||
| CVE-2017-5966 | 1 Sitecore | 1 Crm | 2017-06-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | |||||
| CVE-2017-9428 | 2 Bigtreecms, Microsoft | 2 Bigtree Cms, Windows | 2017-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | |||||
| CVE-2017-7433 | 1 Micro Focus | 1 Vibe | 2017-06-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default). | |||||
| CVE-2015-5468 | 1 Wpshopstyling | 1 Wp E-commerce Shop Styling | 2017-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. | |||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2017-05-31 | 4.4 MEDIUM | 7.0 HIGH |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | |||||
| CVE-2015-5469 | 1 Mdc Youtube Downloader Project | 1 Mdc Youtube Downloader | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | |||||
| CVE-2015-4704 | 1 Download Zip Attachments Project | 1 Download Zip Attachments | 2017-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||||
| CVE-2017-8921 | 1 Flightgear | 1 Flightgear | 2017-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. | |||||
| CVE-2017-9030 | 1 Codextrous | 1 B2j Contact | 2017-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | |||||
| CVE-2016-7982 | 1 Spip | 1 Spip | 2017-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. | |||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2017-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | |||||
| CVE-2017-8868 | 1 Flatcore | 1 Flatcore-cms | 2017-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | |||||
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2017-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | |||||
| CVE-2017-8853 | 1 Fiyo | 1 Fiyo Cms | 2017-05-17 | 6.4 MEDIUM | 7.5 HIGH |
| Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | |||||
| CVE-2016-7843 | 1 Hibara Software | 3 Attachecase For Java, Attachecase Lite, Attachecase Pro | 2017-05-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | |||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2017-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
| CVE-2016-8593 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter. | |||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2017-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||||
| CVE-2016-7842 | 1 Hibara | 1 Attachecase | 2017-05-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | |||||
| CVE-2017-8115 | 1 Modx | 1 Modx Revolution | 2017-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | |||||
| CVE-2017-2150 | 1 Booking Calendar Project | 1 Booking Calendar | 2017-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | |||||
| CVE-2017-2117 | 1 Cubecart | 1 Cubecart | 2017-05-05 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2090 | 1 Cubecart | 1 Cubecart | 2017-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2017-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2017-05-03 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-7245 | 1 D-link | 2 Dvg-n5402sp, Dvg-n5402sp Firmware | 2017-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | |||||
| CVE-2015-0107 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2017-04-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. | |||||
| CVE-2015-8780 | 1 Samsung | 1 Kies | 2017-04-25 | 6.9 MEDIUM | 6.4 MEDIUM |
| Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. | |||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2017-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | |||||
| CVE-2015-8283 | 1 Seawell Networks | 1 Spectrum Sdc | 2017-04-19 | 6.8 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | |||||
| CVE-2017-7462 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2017-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | |||||
| CVE-2017-7461 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2017-04-18 | 6.8 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization. | |||||
| CVE-2016-7552 | 1 Trendmicro | 1 Threat Discovery Appliance | 2017-04-17 | 10.0 HIGH | 9.8 CRITICAL |
| On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. | |||||
| CVE-2015-7270 | 1 Dell | 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more | 2017-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | |||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2017-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | |||||
| CVE-2017-4980 | 1 Emc | 1 Isilon Onefs | 2017-04-10 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. | |||||
| CVE-2017-7258 | 1 Auromeera | 1 Emli | 2017-04-10 | 5.0 MEDIUM | 7.5 HIGH |
| HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | |||||
| CVE-2017-5899 | 1 S-nail Project | 1 S-nail | 2017-03-31 | 6.9 MEDIUM | 7.0 HIGH |
| Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument. | |||||
| CVE-2016-4323 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-30 | 5.8 MEDIUM | 3.7 LOW |
| A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | |||||