Total
6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-09-16 | 9.8 Critical |
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | ||||
CVE-2022-27617 | 1 Synology | 2 Calendar, Diskstation Manager | 2024-09-16 | 5 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | ||||
CVE-2009-4192 | 1 Interspire | 1 Knowledge Manager | 2024-09-16 | N/A |
Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2011-2757 | 1 Manageengine | 1 Servicedesk Plus | 2024-09-16 | N/A |
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue. | ||||
CVE-2017-16199 | 1 Susu-sum Project | 1 Susu-sum | 2024-09-16 | N/A |
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2022-20954 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-09-16 | 5.5 Medium |
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2017-16210 | 1 Jn Jj Server Project | 1 Jn Jj Server | 2024-09-16 | N/A |
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2014-2313 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2024-09-16 | N/A |
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
CVE-2021-23520 | 1 Juce | 1 Juce | 2024-09-16 | 5.5 Medium |
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object. | ||||
CVE-2022-27620 | 1 Synology | 2 Diskstation Manager, Sso Server | 2024-09-16 | 6.8 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
CVE-2018-6660 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-09-16 | N/A |
Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file. | ||||
CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2024-09-16 | 6.5 Medium |
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | ||||
CVE-2012-2293 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2024-09-16 | N/A |
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path. | ||||
CVE-2020-5405 | 1 Vmware | 1 Spring Cloud Config | 2024-09-16 | 6.5 Medium |
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. | ||||
CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-09-16 | 7.5 High |
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | ||||
CVE-2022-20677 | 1 Cisco | 62 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 59 more | 2024-09-16 | 5.5 Medium |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2018-1000659 | 1 Limesurvey | 1 Limesurvey | 2024-09-16 | N/A |
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An authenticated user can upload a specially crafted zip file to get remote code execution. This vulnerability appears to have been fixed in after commit 72a02ebaaf95a80e26127ee7ee2b123cccce05a7 / version 3.14.4. | ||||
CVE-2021-42787 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2024-09-16 | 9.4 Critical |
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected. | ||||
CVE-2009-0615 | 1 Cisco | 2 Application Control Engine Device Manager, Application Networking Manager | 2024-09-16 | N/A |
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions." | ||||
CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2024-09-16 | N/A |
In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. |