Total: 6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-2334 | 1 Yamamah | 1 Yamamah | 2024-09-16 | N/A |
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | ||||
CVE-2022-34430 | 1 Dell | 1 Hybrid Client | 2024-09-16 | 7.1 High |
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | ||||
CVE-2022-27615 | 1 Synology | 1 Dns Server | 2024-09-16 | 7.7 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
CVE-2021-23407 | 1 Elfinder.net.core Project | 1 Elfinder.net.core | 2024-09-16 | 7.5 High |
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. | ||||
CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2024-09-16 | N/A |
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | ||||
CVE-2019-15004 | 1 Atlassian | 1 Jira Service Desk | 2024-09-16 | 7.5 High |
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | ||||
CVE-2018-0420 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-16 | 6.5 Medium |
A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information. | ||||
CVE-2020-7665 | 1 U-root | 1 U-root | 2024-09-16 | 7.5 High |
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | ||||
CVE-2017-11162 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2024-09-16 | 5.3 Medium |
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | ||||
CVE-2007-5927 | 1 Openbase International Ltd | 1 Openbase | 2024-09-16 | N/A |
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926. | ||||
CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-09-16 | 7.5 High |
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | ||||
CVE-2017-1087 | 1 Freebsd | 1 Freebsd | 2024-09-16 | N/A |
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. | ||||
CVE-2017-16209 | 1 Enserver Project | 1 Enserver | 2024-09-16 | N/A |
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2010-3487 | 1 Yellosoft | 1 Pinky | 2024-09-16 | N/A |
Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. | ||||
CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2024-09-16 | N/A |
lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2024-09-16 | N/A |
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, a monitoring system of ZTE energy product, are impacted by a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after the host address. | ||||
CVE-2017-16189 | 1 Sly07 Project | 1 Sly07 | 2024-09-16 | N/A |
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2019-3580 | 1 Openrefine | 1 Openrefine | 2024-09-16 | N/A |
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. | ||||
CVE-2020-35612 | 1 Joomla | 1 Joomla! | 2024-09-16 | 7.5 High |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. |