Total: 6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-20720 | 1 Cisco | 1 Ios Xe | 2024-09-17 | 5.5 Medium |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2024-09-17 | 7.5 High |
This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
CVE-2022-20725 | 1 Cisco | 67 800m Integrated Services Router, 807 Industrial Integrated Services Router, 812 3g Integrated Services Router and 64 more | 2024-09-17 | 5.5 Medium |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2022-23082 | 1 Mend | 1 Curekit | 2024-09-17 | 7.5 High |
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input, which may lead to path traversal. | ||||
CVE-2018-7654 | 1 3cx | 1 3cx | 2024-09-17 | N/A |
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal. | ||||
CVE-2013-1469 | 1 Piwigo | 1 Piwigo | 2024-09-17 | N/A |
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. | ||||
CVE-2017-16166 | 1 Byucslabsix Project | 1 Byucslabsix | 2024-09-17 | N/A |
byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2017-1723 | 1 Ibm | 3 Qradar Incident Forensics, Qradar Network Insights, Qradar Security Information And Event Manager | 2024-09-17 | N/A |
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812. | ||||
CVE-2013-4093 | 1 Imperva | 1 Securesphere | 2024-09-17 | N/A |
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message. | ||||
CVE-2021-21514 | 1 Dell | 1 Openmanage Server Administrator | 2024-09-17 | 4.9 Medium |
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | ||||
CVE-2014-2864 | 1 Paperthin | 1 Commonspot Content Server | 2024-09-17 | N/A |
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | ||||
CVE-2019-11822 | 1 Synology | 1 Photo Station | 2024-09-17 | 4.3 Medium |
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | ||||
CVE-2021-43555 | 1 Myscada | 1 Mydesigner | 2024-09-17 | 7.3 High |
mySCADA myDESIGNER versions 8.20.0 and prior fail to properly validate the contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution. | ||||
CVE-2022-20822 | 1 Cisco | 1 Identity Services Engine | 2024-09-17 | 7.1 High |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. | ||||
CVE-2017-16152 | 1 Static-html-server Project | 1 Static-html-server | 2024-09-17 | N/A |
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2021-20517 | 1 Ibm | 1 Websphere Application Server Nd | 2024-09-17 | 8.8 High |
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435. | ||||
CVE-2020-3241 | 1 Cisco | 1 Ucs Director | 2024-09-17 | 6.5 Medium |
A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device. | ||||
CVE-2021-32516 | 1 Qsan | 1 Storage Manager | 2024-09-17 | 7.5 High |
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2023-45686 | 1 Southrivertech | 1 Titan Mfp Server | 2024-09-17 | 7.2 High |
Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal. | ||||
CVE-2016-6795 | 1 Apache | 1 Struts | 2024-09-17 | N/A |
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. |