Total
6500 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-12188 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-05 | 7.8 High |
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | ||||
CVE-2017-11723 | 1 Xinha | 1 Xinha | 2024-08-05 | N/A |
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | ||||
CVE-2017-9833 | 1 Boa | 1 Boa | 2024-08-05 | 7.5 High |
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable. | ||||
CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2024-08-05 | N/A |
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | ||||
CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2024-08-05 | N/A |
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | ||||
CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2024-08-05 | N/A |
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | ||||
CVE-2017-11587 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2024-08-05 | N/A |
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. | ||||
CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2024-08-05 | N/A |
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | ||||
CVE-2017-11440 | 1 Sitecore | 1 Cms | 2024-08-05 | N/A |
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | ||||
CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-08-05 | N/A |
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | ||||
CVE-2017-11389 | 1 Trendmicro | 1 Control Manager | 2024-08-05 | N/A |
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | ||||
CVE-2017-10993 | 1 Contao | 1 Contao Cms | 2024-08-05 | N/A |
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | ||||
CVE-2017-10974 | 1 Yaws | 1 Yaws | 2024-08-05 | N/A |
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product. | ||||
CVE-2024-1142 | 2024-08-05 | 5.4 Medium | ||
Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue. | ||||
CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2024-08-05 | N/A |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | ||||
CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2024-08-05 | N/A |
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2017-10861 | 1 Qualitysoft | 1 Qnd Advance\/standard | 2024-08-05 | N/A |
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | ||||
CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2024-08-05 | N/A |
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | ||||
CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2024-08-05 | N/A |
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
CVE-2017-10708 | 1 Apport Project | 1 Apport | 2024-08-05 | N/A |
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. |