Total
6435 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41682 | 1 Fortinet | 1 Fortisandbox | 2024-09-16 | 7.9 High |
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | ||||
| CVE-2017-16184 | 1 Scott-blanch-weather-app Project | 1 Scott-blanch-weather-app | 2024-09-16 | N/A |
| scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16090 | 1 Fsk-server Project | 1 Fsk-server | 2024-09-16 | N/A |
| fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2020-7666 | 1 U-root | 1 U-root | 2024-09-16 | 7.5 High |
| This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction. | ||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2024-09-16 | N/A |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | ||||
| CVE-2010-2035 | 2 Joomla, Percha | 2 Joomla\!, Com Perchagallery | 2024-09-16 | N/A |
| Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2009-4056 | 1 Betsy | 1 Betsy Cms | 2024-09-16 | N/A |
| Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the popup parameter. | ||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-09-16 | N/A |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | ||||
| CVE-2017-9964 | 1 Schneider-electric | 1 Pelco Videoxpert | 2024-09-16 | N/A |
| A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. | ||||
| CVE-2012-0996 | 1 11in1 | 1 11in1 | 2024-09-16 | N/A |
| Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. | ||||
| CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
| Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | ||||
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-09-16 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2024-09-16 | N/A |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | ||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2024-09-16 | 7.5 High |
| A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | ||||
| CVE-2017-16153 | 1 Gaoxuyan Project | 1 Gaoxuyan | 2024-09-16 | N/A |
| gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2024-09-16 | 6.5 Medium |
| Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | ||||
| CVE-2017-18037 | 1 Atlassian | 1 Bitbucket | 2024-09-16 | N/A |
| The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. | ||||
| CVE-2018-1002203 | 1 Unzipper Project | 1 Unzipper | 2024-09-16 | N/A |
| unzipper npm library before 0.8.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-14795 | 1 Emerson | 1 Deltav | 2024-09-16 | N/A |
| DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | ||||
| CVE-2018-11762 | 1 Apache | 1 Tika | 2024-09-16 | N/A |
| In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file. | ||||