Total: 6437 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-18263 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2024-09-16 | N/A |
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | ||||
CVE-2018-20566 | 1 Douco | 1 Douphp | 2024-09-16 | N/A |
An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page. | ||||
CVE-2010-4931 | 1 Php-fusion | 1 Php-fusion | 2024-09-16 | N/A |
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party | ||||
CVE-2014-4507 | 1 Theforeman | 1 Foreman | 2024-09-16 | N/A |
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. | ||||
CVE-2020-3597 | 1 Cisco | 1 Nexus Data Broker | 2024-09-16 | 5.4 Medium |
A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device. | ||||
CVE-2018-9459 | 1 Google | 1 Android | 2024-09-16 | N/A |
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. | ||||
CVE-2017-16195 | 1 Pytservce Project | 1 Pytservce | 2024-09-16 | N/A |
pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2017-16122 | 1 Cuciuci Project | 1 Cuciuci | 2024-09-16 | N/A |
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2018-1744 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | N/A |
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. | ||||
CVE-2022-27610 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 6.5 Medium |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
CVE-2010-3203 | 2 Joomla, Xmlswf | 2 Joomla!, Com Picsell | 2024-09-16 | N/A |
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. | ||||
CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-16 | N/A |
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | ||||
CVE-2022-2119 | 1 Offis | 1 Dcmtk | 2024-09-16 | 7.5 High |
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | ||||
CVE-2018-7771 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-16 | N/A |
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. | ||||
CVE-2022-28127 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-09-16 | 9.1 Critical |
A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
CVE-2009-0766 | 1 Bookelves | 1 Kipper | 2024-09-16 | N/A |
Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2021-29087 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2024-09-16 | 7.5 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
CVE-2023-21415 | 1 Axis | 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more | 2024-09-16 | 6.5 Medium |
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
CVE-2022-1518 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-09-16 | 10 Critical |
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | ||||
CVE-2017-2706 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-09-16 | N/A |
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. |