Filtered by CWE-22
Total 6437 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30547 1 Wwbn 1 Avideo 2024-09-16 9.9 Critical
A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2011-4450 1 Wikkawiki 1 Wikkawiki 2024-09-16 N/A
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. (dot dot) in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action.
CVE-2014-5111 1 Netfortris 1 Trixbox 2024-09-16 N/A
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CVE-2015-7237 1 Mcafee 1 Mcafee Agent 2024-09-16 N/A
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-5185 1 Olivetoast 1 Documents Pro File Viewer 2024-09-16 N/A
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.
CVE-2019-3737 1 Dell 1 Avamar Data Migration Enabler Web Interface 2024-09-16 7.5 High
Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.
CVE-2010-0348 1 C-3.co.jp 1 Webcalenderc3 2024-09-16 N/A
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
CVE-2011-2474 1 Sybase 1 Easerver 2024-09-16 N/A
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.
CVE-2022-1648 1 Pandorafms 1 Pandora Fms 2024-09-16 5.7 Medium
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.
CVE-2017-16085 1 Tinyserver2 Project 1 Tinyserver2 2024-09-16 N/A
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVE-2009-4053 1 Home Ftp Server Project 1 Home Ftp Server 2024-09-16 6.5 Medium
Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2022-24278 1 Convert-svg Project 1 Convert-svg 2024-09-16 7.5 High
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
CVE-2013-0673 1 Matrikonopc 1 Matrikonopc A&e Historian 2024-09-16 N/A
Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.
CVE-2021-41293 1 Ecoa 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more 2024-09-16 7.5 High
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information.
CVE-2021-3960 1 Bitdefender 1 Gravityzone 2024-09-16 7.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272.
CVE-2021-1256 1 Cisco 1 Firepower Threat Defense 2024-09-16 6 Medium
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.
CVE-2019-1717 1 Cisco 1 Video Surveillance Manager 2024-09-16 N/A
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to an affected component. A successful exploit could allow the attacker to download arbitrary files from the affected device, which could contain sensitive information.
CVE-2017-16142 1 Infraserver Project 1 Infraserver 2024-09-16 N/A
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVE-2018-18485 1 Phpshe 1 Phpshe 2024-09-16 N/A
An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del allows remote attackers to delete arbitrary files via directory traversal sequences in the dbname parameter. This can be leveraged to reload the product by deleting install.lock.
CVE-2017-8853 1 Fiyo 1 Fiyo Cms 2024-09-16 N/A
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.