Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-09-17 | 5.7 Medium |
| The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | ||||
| CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-17 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | ||||
| CVE-2019-4674 | 1 Ibm | 1 Security Identity Manager | 2024-09-17 | 4.9 Medium |
| IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. | ||||
| CVE-2020-24406 | 1 Magento | 1 Magento | 2024-09-17 | 3.7 Low |
| When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment. | ||||
| CVE-2017-16103 | 1 Serveryztyzt Project | 1 Serveryztyzt | 2024-09-17 | N/A |
| serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2012-6665 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2024-09-17 | N/A |
| Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | ||||
| CVE-2013-1084 | 1 Novell | 1 Zenworks Configuration Management | 2024-09-17 | N/A |
| Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/. | ||||
| CVE-2018-9850 | 1 Gxlcms | 1 Gxlcms Qy | 2024-09-17 | N/A |
| In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. | ||||
| CVE-2012-5344 | 1 Kepler Lam | 1 Iptools | 2024-09-17 | N/A |
| Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request. | ||||
| CVE-2022-27844 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-09-17 | 2.7 Low |
| Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 | ||||
| CVE-2020-3452 | 1 Cisco | 14 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 11 more | 2024-09-17 | 7.5 High |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. | ||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-09-17 | 7.5 High |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2019-15980 | 1 Cisco | 1 Data Center Network Manager | 2024-09-17 | 7.2 High |
| Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one. | ||||
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-17 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | ||||
| CVE-2011-0426 | 1 Vmware | 2 Vcenter, Virtualcenter | 2024-09-17 | N/A |
| Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2008-2840 | 1 Exerocms | 1 Exero Cms | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-1900 | 1 Indusoft | 1 Web Studio | 2024-09-17 | N/A |
| Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request. | ||||
| CVE-2012-5386 | 1 Nicolas Tormo | 1 Phppaleo | 2024-09-17 | N/A |
| Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2012-5380 | 1 Ruby-lang | 1 Ruby | 2024-09-17 | 6.7 Medium |
| Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation | ||||
| CVE-2022-22054 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 6.5 Medium |
| ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. | ||||