Total: 6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-20105 | 1 Simplessus | 1 Simplessus | 2024-08-05 | 5.4 Medium |
A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2017-20102 | 1 Album Lock Project | 1 Album Lock | 2024-08-05 | 4.4 Medium |
A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
CVE-2017-18874 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 6.5 Medium |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | ||||
CVE-2017-18912 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 9.8 Critical |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. | ||||
CVE-2017-18824 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-08-05 | 3.3 Low |
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
CVE-2017-18636 | 1 Esafenet | 1 Cdg | 2024-08-05 | 7.5 High |
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. | ||||
CVE-2017-18585 | 1 Ivycat | 1 Posts In Page | 2024-08-05 | N/A |
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. | ||||
CVE-2017-18586 | 1 Insert Pages Project | 1 Insert Pages | 2024-08-05 | N/A |
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | ||||
CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | ||||
CVE-2017-18354 | 1 Google | 1 Rendertron | 2024-08-05 | N/A |
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | ||||
CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2024-08-05 | 7.5 High |
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | ||||
CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2024-08-05 | N/A |
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | ||||
CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2024-08-05 | N/A |
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | ||||
CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2024-08-05 | N/A |
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | ||||
CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2024-08-05 | N/A |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | ||||
CVE-2017-17715 | 1 Telegram | 1 Telegram Messenger | 2024-08-05 | N/A |
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | ||||
CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2024-08-05 | 9.8 Critical |
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | ||||
CVE-2017-17662 | 1 Yawcam | 1 Yawcam | 2024-08-05 | N/A |
Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or ..\ -- for example a '.\./', '....\/' or '...\./' sequence. For files with no extension, a single dot needs to be appended to ensure the HTTP server does not alter the request, e.g., a "GET /.\./.\./.\./.\./.\./.\./.\./windows/system32/drivers/etc/hosts." request. | ||||
CVE-2017-17309 | 1 Huawei | 2 Hg255s-10, Hg255s-10 Firmware | 2024-08-05 | N/A |
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests. A remote attacker may access the local files on the device without authentication. | ||||
CVE-2017-17223 | 1 Huawei | 6 Espace 7910, Espace 7910 Firmware, Espace 7950 and 3 more | 2024-08-05 | N/A |
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft a specific URL to the affected products. Due to insufficient verification of the URL, a successful exploit will upload and download files and cause information leak and system crash. |