Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0705 | 1 Lsi | 1 3ware Disk Manager | 2024-09-16 | N/A |
| Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-16179 | 1 Dasafio Project | 1 Dasafio | 2024-09-16 | N/A |
| dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files. | ||||
| CVE-2010-1374 | 2 Aol, Apple | 3 Aim, Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
| Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. | ||||
| CVE-2019-11603 | 1 Bosch | 2 Iot Gateway Software, Prosyst Mbs Sdk | 2024-09-16 | N/A |
| A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | ||||
| CVE-2017-16165 | 1 Calmquist.static-server Project | 1 Calmquist.static-server | 2024-09-16 | N/A |
| calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2005-1813 | 1 Futuresoft | 1 Tftp Server 2000 | 2024-09-16 | N/A |
| Directory traversal vulnerability in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allows remote attackers to read arbitrary files via a TFTP GET request containing (1) "../" (dot dot slash) or (2) "..\" (dot dot backslash) sequences. | ||||
| CVE-2017-16208 | 1 Dmmcquay.lab6 Project | 1 Dmmcquay.lab6 | 2024-09-16 | N/A |
| dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2018-6500 | 1 Hp | 1 Arcsight Management Center | 2024-09-16 | N/A |
| A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal. | ||||
| CVE-2021-44162 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-09-16 | 7.5 High |
| Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication. | ||||
| CVE-2020-3187 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-09-16 | 9.1 Critical |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system. | ||||
| CVE-2013-6864 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-09-16 | N/A |
| Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors. | ||||
| CVE-2010-3097 | 1 Winfrigate | 1 Frigate 3 | 2024-09-16 | N/A |
| Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. | ||||
| CVE-2020-3383 | 1 Cisco | 1 Data Center Network Manager | 2024-09-16 | 8.8 High |
| A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. | ||||
| CVE-2012-0998 | 1 Lepton-cms | 1 Lepton | 2024-09-16 | N/A |
| Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. | ||||
| CVE-2017-16102 | 1 Serverhuwenhui Project | 1 Serverhuwenhui | 2024-09-16 | N/A |
| serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2019-15266 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-16 | 4.4 Medium |
| A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information. | ||||
| CVE-2011-2755 | 1 Manageengine | 1 Servicedesk Plus | 2024-09-16 | N/A |
| Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2020-14523 | 1 Mitsubishielectric | 27 Cw Configurator, Fr Configurator2, Gx Works2 and 24 more | 2024-09-16 | 8.3 High |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | ||||
| CVE-2021-41291 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-09-16 | 7.5 High |
| ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device. | ||||
| CVE-2018-1002207 | 1 Archiver Project | 1 Archiver | 2024-09-16 | N/A |
| mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||