Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16104 | 1 Citypredict.whauwiller Project | 1 Citypredict.whauwiller | 2024-09-17 | N/A |
| citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2018-9851 | 1 Gxlcms | 1 Gxlcms Qy | 2024-09-17 | N/A |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | ||||
| CVE-2011-3315 | 1 Cisco | 4 Unified Ccx, Unified Communications Manager, Unified Ip Interactive Voice Response and 1 more | 2024-09-17 | N/A |
| Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. | ||||
| CVE-2017-16877 | 1 Zeit | 1 Next.js | 2024-09-17 | N/A |
| ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. | ||||
| CVE-2022-25848 | 1 Static-dev-server Project | 1 Static-dev-server | 2024-09-17 | 7.5 High |
| This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. | ||||
| CVE-2017-16177 | 1 Chatbyvista Project | 1 Chatbyvista | 2024-09-17 | N/A |
| chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16176 | 1 Jansenstuffpleasework Project | 1 Jansenstuffpleasework | 2024-09-17 | N/A |
| jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2022-39058 | 1 Changingtec | 1 Rava Certificate Validation System | 2024-09-17 | 7.5 High |
| RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | ||||
| CVE-2017-16110 | 1 Weather.swlyons Project | 1 Weather.swlyons | 2024-09-17 | N/A |
| weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16217 | 1 Webrtc-experiment | 1 Fbr-client | 2024-09-17 | N/A |
| fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2022-25931 | 1 Easy-static-server Project | 1 Easy-static-server | 2024-09-17 | 7.5 High |
| All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code. | ||||
| CVE-2022-20811 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-09-17 | 5.5 Medium |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-22679 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 6.5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | ||||
| CVE-2021-43988 | 1 Fanuc | 1 Roboguide | 2024-09-17 | 6.1 Medium |
| The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights. | ||||
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-09-17 | 5.9 Medium |
| Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | ||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-09-17 | 7.5 High |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2007-6736 | 1 G.rodola | 1 Pyftpdlib | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. | ||||
| CVE-2022-25347 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system. | ||||
| CVE-2019-1820 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-09-17 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information. | ||||
| CVE-2020-7664 | 1 Compression And Archive Extensions Project | 1 Compression And Archive Extensions Zip Project | 2024-09-17 | 7.5 High |
| In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | ||||