Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4384 | 1 Ibm | 1 Campaign | 2024-09-17 | 4.3 Medium |
| IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. | ||||
| CVE-2017-16120 | 1 Liyujing Project | 1 Liyujing | 2024-09-17 | N/A |
| liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2021-21586 | 1 Dell | 1 Wyse Management Suite | 2024-09-17 | 8.1 High |
| Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | ||||
| CVE-2012-4701 | 1 Tridium | 1 Niagara Ax | 2024-09-17 | N/A |
| Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. | ||||
| CVE-2018-0405 | 1 Cisco | 4 Rv180w, Rv180w Firmware, Rv220w and 1 more | 2024-09-17 | N/A |
| A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. | ||||
| CVE-2016-10528 | 1 Restafary Project | 1 Restafary | 2024-09-17 | N/A |
| restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. | ||||
| CVE-2012-5969 | 1 Huawei | 2 E585, E585u-82 | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi. | ||||
| CVE-2019-13408 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2024-09-17 | 7.5 High |
| A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. | ||||
| CVE-2012-3337 | 1 Ibm | 1 Infosphere Guardium | 2024-09-17 | 5.3 Medium |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284. | ||||
| CVE-2017-16212 | 1 Ltt Project | 1 Ltt | 2024-09-17 | N/A |
| ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-9829 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2024-09-17 | N/A |
| '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. | ||||
| CVE-2018-1000997 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-09-17 | N/A |
| A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | ||||
| CVE-2013-3504 | 1 Gwos | 1 Groundwork Monitor | 2024-09-17 | N/A |
| Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account. | ||||
| CVE-2018-18990 | 1 Lcds | 1 Laquis Scada | 2024-09-17 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. | ||||
| CVE-2017-16095 | 1 Serverliujiayi1 Project | 1 Serverliujiayi1 | 2024-09-17 | N/A |
| serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16175 | 1 Ewgaddis.lab6 Project | 1 Ewgaddis.lab6 | 2024-09-17 | N/A |
| ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2011-5127 | 2 Bluecoat, Microsoft | 2 Reporter, Windows | 2024-09-17 | N/A |
| Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request. | ||||
| CVE-2018-10589 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-17 | N/A |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2019-1765 | 1 Cisco | 8 Ip Conference Phone 8832, Ip Conference Phone 8832 Firmware, Ip Phone 8800 and 5 more | 2024-09-17 | N/A |
| A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. | ||||
| CVE-2022-1661 | 1 Keysight | 4 N6841a Rf, N6841a Rf Firmware, N6854a and 1 more | 2024-09-17 | 7.5 High |
| The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | ||||