Total
6444 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2024-09-16 | N/A |
| Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | ||||
| CVE-2017-16156 | 1 Myprolyz Project | 1 Myprolyz | 2024-09-16 | N/A |
| myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2019-11249 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Container Platform | 2024-09-16 | 6.5 Medium |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | ||||
| CVE-2012-4356 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2024-09-16 | N/A |
| Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. | ||||
| CVE-2019-9610 | 1 Ofcms Project | 1 Ofcms | 2024-09-16 | N/A |
| An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. | ||||
| CVE-2019-4423 | 1 Ibm | 1 Sterling File Gateway | 2024-09-16 | 5.3 Medium |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. | ||||
| CVE-2018-1618 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-09-16 | N/A |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343. | ||||
| CVE-2018-1000208 | 1 Modx | 1 Modx Revolution | 2024-09-16 | N/A |
| MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. | ||||
| CVE-2022-38421 | 1 Adobe | 1 Coldfusion | 2024-09-16 | 7.2 High |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. | ||||
| CVE-2019-1819 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-09-16 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information. | ||||
| CVE-2015-7603 | 1 Konicaminolta | 1 Ftp Utility | 2024-09-16 | N/A |
| Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. | ||||
| CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2024-09-16 | 7.7 High |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | ||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2024-09-16 | N/A |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16143 | 1 Commentapp.stetsonwood Project | 1 Commentapp.stetsonwood | 2024-09-16 | N/A |
| commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16107 | 1 Pooledwebsocket Project | 1 Pooledwebsocket | 2024-09-16 | N/A |
| pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2009-2222 | 1 Php.s3 | 1 Php-i-board | 2024-09-16 | N/A |
| Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors, probably related to mail. | ||||
| CVE-2021-21102 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-09-16 | 8.8 High |
| Adobe Illustrator version 25.2 (and earlier) is affected by a Path Traversal vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2011-4036 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2024-09-16 | N/A |
| Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2022-20953 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-09-16 | 5.5 Medium |
| Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2018-18593 | 1 Hp | 1 Ucmdb Configuration Manager | 2024-09-16 | N/A |
| Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information | ||||