Total: 6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-36321 | 1 Vaadin | 2 Flow, Vaadin | 2024-09-17 | 5.9 Medium |
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder. | ||||
CVE-2018-0464 | 1 Cisco | 1 Prime Data Center Network Manager | 2024-09-17 | N/A |
A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | ||||
CVE-2018-17899 | 1 Lcds | 1 Laquis Scada | 2024-09-17 | N/A |
LAquis SCADA Versions 4.1.0.3870 and prior have a path traversal vulnerability, which may allow remote code execution. | ||||
CVE-2022-38120 | 1 Upspowercom | 1 Upsmon Pro | 2024-09-17 | 6.5 Medium |
UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. | ||||
CVE-2017-16744 | 1 Tridium | 2 Niagara, Niagara Ax Framework | 2024-09-17 | N/A |
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials. | ||||
CVE-2021-38460 | 1 Moxa | 1 Mxview | 2024-09-17 | 7.5 High |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
CVE-2018-12909 | 1 Webgrind Project | 1 Webgrind | 2024-09-17 | N/A |
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment." | ||||
CVE-2017-16196 | 1 Quickserver Project | 1 Quickserver | 2024-09-17 | N/A |
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2018-14573 | 1 Trms | 1 Tightrope Media Carousel Digital Signage | 2024-09-17 | N/A |
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683. | ||||
CVE-2020-3365 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-09-17 | 4.3 Medium |
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device. | ||||
CVE-2017-16178 | 1 Intsol-package Project | 1 Intsol-package | 2024-09-17 | N/A |
intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2018-18869 | 1 Phome | 1 Empirecms | 2024-09-17 | N/A |
EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter. | ||||
CVE-2013-6127 | 1 Wellintech | 1 Kingview | 2024-09-17 | N/A |
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack. | ||||
CVE-2018-8712 | 1 Webmin | 1 Webmin | 2024-09-17 | N/A |
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request. | ||||
CVE-2021-23357 | 1 Tyk | 1 Tyk | 2024-09-17 | 3.3 Low |
All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this value is then used to create a file on disk. If there is a file found with the same name then it will be deleted and then re-created with the contents of the API creation request. | ||||
CVE-2019-7403 | 1 Phpmywind | 1 Phpmywind | 2024-09-17 | N/A |
An issue was discovered in PHPMyWind 5.5. It allows remote attackers to delete arbitrary folders via an admin/database_backup.php?action=import&dopost=deldir&tbname=../ URI. | ||||
CVE-2013-5534 | 1 Cisco | 1 Unity Connection | 2024-09-17 | N/A |
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | ||||
CVE-2017-9270 | 1 Opensuse | 1 Cryptctl | 2024-09-17 | N/A |
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database. | ||||
CVE-2017-16155 | 1 Fast-http-cli Project | 1 Fast-http-cli | 2024-09-17 | N/A |
fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2020-3130 | 1 Cisco | 1 Unity Connection | 2024-09-17 | 6.5 Medium |
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. |