Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16037 | 1 Gomeplus-h5-proxy Project | 1 Gomeplus-h5-proxy | 2024-09-16 | N/A |
| `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | ||||
| CVE-2013-0671 | 1 Siemens | 1 Wincc Tia Portal | 2024-09-16 | N/A |
| Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | ||||
| CVE-2021-28208 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-16 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | ||||
| CVE-2011-4001 | 1 Mawashimono | 1 Nikki | 2024-09-16 | N/A |
| Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors. | ||||
| CVE-2007-3967 | 1 Dirlist | 1 Dirlist Php | 2024-09-16 | N/A |
| Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter. | ||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2024-09-16 | 7.5 High |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | ||||
| CVE-2022-22349 | 1 Ibm | 1 Sterling External Authentication Server | 2024-09-16 | 4.3 Medium |
| IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144. | ||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2024-09-16 | N/A |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2022-27498 | 1 Lansweeper | 1 Lansweeper | 2024-09-16 | 6.5 Medium |
| A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2017-16194 | 1 Picard Project | 1 Picard | 2024-09-16 | N/A |
| picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2021-22857 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2024-09-16 | 7.5 High |
| The CGE page with download function contains a Directory Traversal vulnerability. Attackers can use this loophole to download system files arbitrarily. | ||||
| CVE-2021-34594 | 1 Beckhoff | 4 Tf6100, Tf6100 Firmware, Ts6100 and 1 more | 2024-09-16 | 6.5 Medium |
| TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system. | ||||
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-09-16 | N/A |
| The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | ||||
| CVE-2020-8570 | 1 Kubernetes | 1 Java | 2024-09-16 | 9.1 Critical |
| Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code. | ||||
| CVE-2020-15703 | 1 Aptdaemon Project | 1 Aptdaemon | 2024-09-16 | 4 Medium |
| There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. | ||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-09-16 | 7.5 High |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2024-09-16 | 8.6 High |
| In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | ||||
| CVE-2021-42857 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2024-09-16 | 5.3 Medium |
| It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected. | ||||
| CVE-2018-0722 | 1 Qnap | 2 Photo Station, Qts | 2024-09-16 | N/A |
| Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | ||||
| CVE-2021-23484 | 1 Zip-local Project | 1 Zip-local | 2024-09-16 | 9.8 Critical |
| The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. | ||||