Total
6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-21706 | 2 Microsoft, Php | 2 Windows, Php | 2024-09-16 | 5.3 Medium |
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. | ||||
CVE-2017-16186 | 1 360class.jansenhm Project | 1 360class.jansenhm | 2024-09-16 | N/A |
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2020-5410 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Cloud Config | 2024-09-16 | 7.5 High |
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | ||||
CVE-2021-28588 | 1 Adobe | 1 Robohelp Server | 2024-09-16 | 8.8 High |
Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | ||||
CVE-2010-3100 | 1 Portaplus | 1 Porta+ Ftp Client | 2024-09-16 | N/A |
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via directory traversal sequences in a filename. | ||||
CVE-2002-2399 | 1 Cascadesoft | 1 W3mail | 2024-09-16 | N/A |
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
CVE-2018-8909 | 1 Wire | 1 Wire | 2024-09-16 | N/A |
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. | ||||
CVE-2017-16149 | 1 Zwserver Project | 1 Zwserver | 2024-09-16 | N/A |
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2010-0533 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | ||||
CVE-2019-11246 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | 6.5 Medium |
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. | ||||
CVE-2011-4800 | 1 Solarwinds | 1 Serv-u File Server | 2024-09-16 | N/A |
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands. | ||||
CVE-2020-4776 | 1 Ibm | 1 Curam Social Program Management | 2024-09-16 | 7.5 High |
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID: 189154. | ||||
CVE-2013-7361 | 1 Sap | 2 Cm Services, Cms Services | 2024-09-16 | N/A |
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors. | ||||
CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2024-09-16 | 9.8 Critical |
Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | ||||
CVE-2010-1059 | 1 Phpkobo | 1 Address Book Script | 2024-09-16 | N/A |
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2009-4154 | 1 Elxis | 1 Elxis Cms | 2024-09-16 | N/A |
Directory traversal vulnerability in includes/feedcreator.class.php in Elxis CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
CVE-2017-16173 | 1 Utahcityfinder Project | 1 Utahcityfinder | 2024-09-16 | N/A |
utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2020-7757 | 1 Droppy Project | 1 Droppy | 2024-09-16 | 6.5 Medium |
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. | ||||
CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-09-16 | N/A |
In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | ||||
CVE-2021-32532 | 1 Qsan | 1 Xevo | 2024-09-16 | 7.5 High |
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. |