Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33005 | 1 Myscada | 1 Mypro | 2024-09-17 | 7.5 High |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | ||||
| CVE-2017-16148 | 1 Serve46 Project | 1 Serve46 | 2024-09-17 | N/A |
| serve46 is a static file server. serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2008-4454 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2024-09-17 | N/A |
| Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the lang parameter to actions.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-3102 | 1 3dftp | 1 3d-ftp Client | 2024-09-17 | N/A |
| Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | ||||
| CVE-2020-12146 | 1 Silver-peak | 1 Unity Orchestrator | 2024-09-17 | 6.6 Medium |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. | ||||
| CVE-2017-16097 | 1 Tiny-http Project | 1 Tiny-http | 2024-09-17 | N/A |
| tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2024-09-17 | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | ||||
| CVE-2020-3143 | 1 Cisco | 42 Ex60, Ex60 Firmware, Ex90 and 39 more | 2024-09-17 | 7.2 High |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account. | ||||
| CVE-2021-38399 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2024-09-17 | 7.5 High |
| Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | ||||
| CVE-2020-2504 | 1 Qnap | 1 Qes | 2024-09-17 | 5.8 Medium |
| If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | ||||
| CVE-2013-5648 | 1 Id | 2 Id-software, Libdigidoc | 2024-09-17 | N/A |
| Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file. | ||||
| CVE-2010-1063 | 1 Phpkobo | 1 Free Real Estate Contact Form Script | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-1298 | 1 Pulsecms | 1 Pulse Cms | 2024-09-17 | N/A |
| Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to read arbitrary files via directory traversal sequences in the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2018-8889 | 1 Blackberry | 1 Enterprise Mobility Server | 2024-09-17 | N/A |
| A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | ||||
| CVE-2022-32573 | 1 Lansweeper | 1 Lansweeper | 2024-09-17 | 9.9 Critical |
| A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-20511 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-09-17 | 4.9 Medium |
| IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300. | ||||
| CVE-2022-20816 | 1 Cisco | 1 Unified Communications Manager | 2024-09-17 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. | ||||
| CVE-2012-4616 | 1 Emc | 1 Data Protection Advisor | 2024-09-17 | N/A |
| Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2019-12704 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2024-09-17 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to view the contents of arbitrary files on an affected device. The vulnerability is due to improper input validation in the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve the contents of arbitrary files on the device, possibly resulting in the disclosure of sensitive information. | ||||
| CVE-2011-4640 | 1 Spamtitan | 1 Webtitan | 2024-09-17 | N/A |
| Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan before 3.60 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fname parameter in a view action. | ||||