Total
6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1191 | 1 Cybozu | 1 Garoon | 2024-08-05 | N/A |
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | ||||
CVE-2016-1212 | 1 Futomi | 1 Mp Form Mail Cgi | 2024-08-05 | N/A |
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | ||||
CVE-2016-1145 | 1 Nec | 1 Expresscluster X | 2024-08-05 | N/A |
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2016-0855 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | ||||
CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2024-08-05 | N/A |
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | ||||
CVE-2016-0752 | 5 Debian, Opensuse, Redhat and 2 more | 7 Debian Linux, Leap, Opensuse and 4 more | 2024-08-05 | 7.5 High |
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. | ||||
CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2024-08-05 | N/A |
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp." | ||||
CVE-2017-1000501 | 2 Awstats, Debian | 2 Awstats, Debian Linux | 2024-08-05 | N/A |
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | ||||
CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2024-08-05 | N/A |
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | ||||
CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2024-08-05 | 7.5 High |
Directory traversal vulnerability in jqueryFileTree 2.1.5 and older. | ||||
CVE-2017-1000115 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2024-08-05 | N/A |
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository. | ||||
CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2024-08-05 | 7.5 High |
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | ||||
CVE-2017-1000062 | 1 Kitto Project | 1 Kitto | 2024-08-05 | N/A |
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | ||||
CVE-2017-1000028 | 1 Oracle | 1 Glassfish Server | 2024-08-05 | N/A |
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request. | ||||
CVE-2017-1000047 | 1 Rbenv Project | 1 Rbenv | 2024-08-05 | 9.8 Critical |
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution | ||||
CVE-2017-20181 | 1 Vocable Trainer Project | 1 Vocable Trainer | 2024-08-05 | 5.3 Medium |
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. The attack must be carried out locally. Upgrading to version 1.3.1 addresses this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | ||||
CVE-2017-20184 | 1 Gavazzionline | 1 Powersoft | 2024-08-05 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. | ||||
CVE-2017-20145 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | 6.3 Medium |
A vulnerability was found in Tecrail Responsive Filemanager up to 9.10.x and classified as critical. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.11.0 addresses this issue. It is recommended to upgrade the affected component. | ||||
CVE-2017-20152 | 1 Imageserve Project | 1 Imageserve | 2024-08-05 | 3.1 Low |
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. | ||||
CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2024-08-05 | N/A |
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. |