Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4442 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | 4.3 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. | ||||
| CVE-2022-20775 | 1 Cisco | 83 1100-4g Integrated Services Router, 1100-4p Integrated Services Router, 1100-6g Integrated Services Router and 80 more | 2024-09-16 | 7.8 High |
| Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | ||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2024-09-16 | 7.1 High |
| The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | ||||
| CVE-2017-16106 | 1 Tmock Project | 1 Tmock | 2024-09-16 | N/A |
| tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2022-20791 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2024-09-16 | 6.5 Medium |
| A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. | ||||
| CVE-2018-1000817 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-09-16 | N/A |
| Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially crafted GET request containing directory traversal from assets-pipeline context. This vulnerability appears to have been fixed in 2.14.1.1 (for Grails 2.x), 2.15.1 (for Grails 3 and Java 7) and 3.0.6 (for Grails 3 and Java 8). | ||||
| CVE-2011-1902 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2024-09-16 | N/A |
| Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2021-3709 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-09-16 | 6.5 Medium |
| Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | ||||
| CVE-2019-3396 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-09-16 | 9.8 Critical |
| The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | ||||
| CVE-2018-16549 | 1 Php File Browser Script Project | 1 Php File Browser Script | 2024-09-16 | N/A |
| HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter. | ||||
| CVE-2022-29517 | 1 Lansweeper | 1 Lansweeper | 2024-09-16 | 9.9 Critical |
| A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2013-4173 | 1 Xymon | 1 Xymon | 2024-09-16 | N/A |
| Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. | ||||
| CVE-2012-6495 | 1 Moinmo | 1 Moinmoin | 2024-09-16 | N/A |
| Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. | ||||
| CVE-2018-19666 | 3 Microsoft, Ossec, Wazuh | 3 Windows, Ossec, Wazuh | 2024-09-16 | N/A |
| The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. | ||||
| CVE-2021-38454 | 1 Moxa | 1 Mxview | 2024-09-16 | 10 Critical |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
| CVE-2017-16180 | 1 Serverabc Project | 1 Serverabc | 2024-09-16 | N/A |
| serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2018-12473 | 1 Opensuse | 1 Open Build Service | 2024-09-16 | N/A |
| A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. | ||||
| CVE-2018-1271 | 3 Oracle, Redhat, Vmware | 30 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 27 more | 2024-09-16 | 5.9 Medium |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | ||||
| CVE-2018-1266 | 1 Cloudfoundry | 1 Capi-release | 2024-09-16 | 8.1 High |
| Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. An authenticated malicious user can predict the location of application blobs and leverage path traversal to create a malicious application that has the ability to overwrite arbitrary files on the Cloud Controller instance. | ||||
| CVE-2017-16145 | 1 Sspa Project | 1 Sspa | 2024-09-16 | N/A |
| sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||