Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-09-17 | 7.5 High |
| An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | ||||
| CVE-2020-36197 | 1 Qnap | 4 Music Station, Qts, Quts Hero and 1 more | 2024-09-17 | 7.1 High |
| An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4. | ||||
| CVE-2018-19748 | 1 Sdcms | 1 Sdcms | 2024-09-17 | N/A |
| app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector). | ||||
| CVE-2018-5448 | 1 Medtronic | 2 2090 Carelink Programmer, 2090 Carelink Programmer Firmware | 2024-09-17 | N/A |
| All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system. | ||||
| CVE-2021-35968 | 1 Learningdigital | 1 Orca Hcm | 2024-09-17 | 4.3 Medium |
| The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges. | ||||
| CVE-2010-2033 | 2 Joomla, Percha | 2 Joomla\!, Com Perchacategoriestree | 2024-09-17 | N/A |
| Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2021-34762 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-09-17 | 8.1 High |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. | ||||
| CVE-2022-25842 | 1 Alibabagroup | 1 One-java-agent | 2024-09-17 | 6.9 Medium |
| All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. | ||||
| CVE-2018-1000882 | 1 Webidsupport | 1 Webid | 2024-09-17 | N/A |
| WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | ||||
| CVE-2022-31255 | 2 Suse, Uyuni-project | 2 Manager Server, Uyuni | 2024-09-17 | 4.3 Medium |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | ||||
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-09-17 | 7.5 High |
| mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2011-4807 | 1 Phpalbum | 1 Phpalbum | 2024-09-17 | N/A |
| Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. | ||||
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2024-09-17 | 6.5 Medium |
| node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2013-1082 | 1 Novell | 1 Zenworks Mobile Management | 2024-09-17 | N/A |
| Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | ||||
| CVE-2011-4831 | 1 David Azoulay | 1 Web File Browser | 2024-09-17 | N/A |
| Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action. | ||||
| CVE-2012-2968 | 1 Caucho | 1 Resin | 2024-09-17 | N/A |
| Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request. | ||||
| CVE-2012-1025 | 1 Dream-multimedia-tv | 1 Enigma2 Webinterface | 2024-09-17 | N/A |
| Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. | ||||
| CVE-2021-40724 | 2 Adobe, Google | 2 Acrobat Reader, Android | 2024-09-17 | 7.8 High |
| Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2014-9181 | 1 Plex | 1 Media Server | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. | ||||
| CVE-2018-16518 | 1 Primx | 2 Zed\!, Zed\! Free | 2024-09-17 | N/A |
| A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder. | ||||