Total: 6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7762 | 1 Jsreport | 1 Jsreport-chrome-pdf | 2024-09-17 | 6.5 Medium |
This affects the package jsreport-chrome-pdf before 1.10.0. | ||||
CVE-2022-26675 | 1 Aenrich | 1 A+hrd | 2024-09-17 | 7.5 High |
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | ||||
CVE-2012-4867 | 1 Vtiger | 1 Vtiger Crm | 2024-09-17 | N/A |
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. | ||||
CVE-2022-22685 | 1 Synology | 1 Webdav Server | 2024-09-17 | 8.7 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
CVE-2010-3099 | 1 Smartftp | 1 Smartftp | 2024-09-17 | N/A |
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | ||||
CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-09-17 | N/A |
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | ||||
CVE-2018-7764 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-17 | N/A |
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet. | ||||
CVE-2004-2750 | 1 Jbrowser | 1 Jbrowser | 2024-09-17 | N/A |
Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2017-16191 | 1 Cypserver Project | 1 Cypserver | 2024-09-17 | N/A |
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-17 | 5.5 Medium |
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 8.1 High |
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | ||||
CVE-2013-3626 | 1 Attachmate | 1 Verastream Host Integrator | 2024-09-17 | N/A |
Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. | ||||
CVE-2017-16170 | 1 Liuyaserver Project | 1 Liuyaserver | 2024-09-17 | N/A |
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2022-38424 | 1 Adobe | 1 Coldfusion | 2024-09-17 | 7.2 High |
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. | ||||
CVE-2010-3104 | 1 Deskshare | 1 Auto Ftp Manager | 2024-09-17 | N/A |
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | ||||
CVE-2019-1621 | 1 Cisco | 1 Data Center Network Manager | 2024-09-17 | 7.5 High |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | ||||
CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2024-09-17 | N/A |
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | ||||
CVE-2022-20724 | 1 Cisco | 4 Cgr1000 Compute Module, Ic3000 Industrial Compute Gateway, Ios and 1 more | 2024-09-17 | 5.5 Medium |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2022-27621 | 1 Synology | 2 Diskstation Manager, Usb Copy | 2024-09-17 | 5.5 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | ||||
CVE-2018-1261 | 1 Vmware | 1 Spring Integration Zip | 2024-09-17 | 4.7 Medium |
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. |