Total
6437 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2024-09-16 | N/A |
| In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | ||||
| CVE-2019-12666 | 1 Cisco | 1 Ios Xe | 2024-09-16 | 6.7 Medium |
| A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit this vulnerability by first accessing the Guest Shell and then entering specific commands. A successful exploit could allow the attacker to execute arbitrary code on the base Linux operating system. | ||||
| CVE-2017-16187 | 1 Open-device Project | 1 Open-device | 2024-09-16 | N/A |
| open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2021-1385 | 1 Cisco | 2 Ios, Ios Xe | 2024-09-16 | 6.5 Medium |
| A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system. | ||||
| CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-09-16 | N/A |
| general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2017-9030 | 1 Codextrous | 1 B2j Contact | 2024-09-16 | N/A |
| The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | ||||
| CVE-2017-16218 | 1 Dgard8.lab6 Project | 1 Dgard8.lab6 | 2024-09-16 | N/A |
| dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2013-5692 | 1 X2engine | 1 X2crm | 2024-09-16 | N/A |
| Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager. | ||||
| CVE-2009-3538 | 1 Allisclear | 1 Clear Content | 2024-09-16 | N/A |
| Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-09-16 | 4.3 Medium |
| IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. | ||||
| CVE-2018-1002201 | 1 Jrebel | 1 Zt-zip | 2024-09-16 | 5.5 Medium |
| zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2021-1532 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-09-16 | 6.5 Medium |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem. | ||||
| CVE-2011-5208 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2024-09-16 | N/A |
| Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php. | ||||
| CVE-2021-23514 | 1 Crowcpp | 1 Crow | 2024-09-16 | 6.5 Medium |
| This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. | ||||
| CVE-2011-4166 | 1 Hp | 1 Managed Printing Administration | 2024-09-16 | N/A |
| Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data. | ||||
| CVE-2021-33182 | 1 Synology | 1 Diskstation Manager | 2024-09-16 | 5 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. | ||||
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2024-09-16 | 7.5 High |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | ||||
| CVE-2017-1749 | 1 Ibm | 1 Urbancode Deploy | 2024-09-16 | N/A |
| IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. | ||||
| CVE-2012-6500 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2024-09-16 | N/A |
| Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php. | ||||
| CVE-2019-1620 | 1 Cisco | 1 Data Center Network Manager | 2024-09-16 | 9.8 Critical |
| A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. | ||||