Total
6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2024-08-05 | N/A |
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | ||||
CVE-2017-14754 | 1 Opentext | 1 Document Sciences Xpression | 2024-08-05 | N/A |
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | ||||
CVE-2017-14722 | 1 Wordpress | 1 Wordpress | 2024-08-05 | N/A |
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | ||||
CVE-2017-14695 | 1 Saltstack | 1 Salt | 2024-08-05 | N/A |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | ||||
CVE-2017-14614 | 1 Gridgain | 1 Gridgain | 2024-08-05 | N/A |
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | ||||
CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-08-05 | 6.5 Medium |
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | ||||
CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2024-08-05 | N/A |
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||||
CVE-2017-14196 | 1 Squiz | 1 Matrix | 2024-08-05 | N/A |
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | ||||
CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2024-08-05 | 7.5 High |
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | ||||
CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2024-08-05 | N/A |
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2024-08-05 | N/A |
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | ||||
CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2024-08-05 | N/A |
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | ||||
CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-08-05 | N/A |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | ||||
CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2024-08-05 | 9.8 Critical |
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | ||||
CVE-2017-12791 | 1 Saltstack | 1 Salt | 2024-08-05 | N/A |
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | ||||
CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2024-08-05 | N/A |
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | ||||
CVE-2017-12694 | 1 Spidercontrol | 1 Scada Web Server | 2024-08-05 | N/A |
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | ||||
CVE-2017-12637 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-05 | 7.5 High |
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. | ||||
CVE-2017-12285 | 1 Cisco | 1 Prime Network Analysis Module | 2024-08-05 | N/A |
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365. | ||||
CVE-2017-12263 | 1 Cisco | 1 License Manager | 2024-08-05 | N/A |
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. |