Filtered by CWE-22
Total 6443 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-0801 2 Autartica, Joomla 2 Com Autartitarot, Joomla! 2024-09-16 N/A
Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-0150 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2024-09-16 N/A
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2013-6827 1 Pineapp 1 Mail-secure 2024-09-16 N/A
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
CVE-2022-26049 1 Diffplug 1 Goomph 2024-09-16 5.3 Medium
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious.
CVE-2022-34373 1 Dell 1 Command | Integration Suite For System Center 2024-09-16 7.3 High
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.
CVE-2018-1847 1 Ibm 1 Financial Transaction Manager For Multiplatform 2024-09-16 6.5 Medium
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946.
CVE-2011-4810 1 Whmcs 1 Whmcompletesolution 2024-09-16 N/A
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
CVE-2010-1082 1 Openinferno 1 Oi.blogs 2024-09-16 N/A
Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter to javascript/loadScripts.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2017-16141 1 Lab6drewfusbyu Project 1 Lab6drewfusbyu 2024-09-16 N/A
lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2020-7686 1 Rollup-plugin-dev-server Project 1 Rollup-plugin-dev-server 2024-09-16 7.5 High
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function.
CVE-2018-1002205 1 Dotnetzip.semverd Project 1 Dotnetzip.semverd 2024-09-16 N/A
DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVE-2018-18890 1 1234n 1 Minicms 2024-09-16 N/A
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
CVE-2020-3247 1 Cisco 2 Ucs Director, Ucs Director Express For Big Data 2024-09-16 9.8 Critical
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2019-4252 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2024-09-16 7.5 High
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883.
CVE-2020-8567 3 Google, Hashicorp, Microsoft 3 Secret Manager Provider For Secret Store Csi Driver, Vault Provider For Secrets Store Csi Driver, Azure Key Vault Provider For Secrets Store Csi Driver 2024-09-16 4.9 Medium
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2022-26068 1 Pistache Project 1 Pistache 2024-09-16 6.5 Medium
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server.
CVE-2009-4383 1 Rocomotion 1 P Forum 2024-09-16 N/A
Directory traversal vulnerability in Pforum.php in Rocomotion P forum before 1.28 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
CVE-2022-20790 1 Cisco 1 Unified Communications Manager 2024-09-16 6.5 Medium
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
CVE-2017-16124 1 Node-server-forfront Project 1 Node-server-forfront 2024-09-16 N/A
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2010-0676 2 Joomla, Weberr 2 Joomla!, Com Rwcards 2024-09-16 N/A
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.