Total
6445 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-35962 | 1 Secom | 2 Door Access Control, Personnel Attendance System | 2024-09-16 | 7.5 High |
Specific page parameters in the Dr. ID Door Access Control and Personnel Attendance Management system do not filter special characters. Remote attackers can use path traversal to download credential files from the system without permission. | ||||
CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2024-09-16 | N/A |
Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | ||||
CVE-2017-16188 | 1 Reecerver Project | 1 Reecerver | 2024-09-16 | N/A |
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2021-28584 | 1 Magento | 1 Magento | 2024-09-16 | 5.4 Medium |
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation. | ||||
CVE-2019-4582 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 4.3 Medium |
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. | ||||
CVE-2021-1617 | 1 Cisco | 1 Intersight Virtual Appliance | 2024-09-16 | 6.5 Medium |
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: (1) execute a command using crafted input; (2) upload a file that has been altered using path traversal techniques. A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2022-25249 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2024-09-16 | 7.5 High |
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. | ||||
CVE-2018-1204 | 1 Dell | 1 Emc Isilon Onefs | 2024-09-16 | N/A |
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges. | ||||
CVE-2017-15895 | 1 Synology | 1 Router Manager | 2024-09-16 | N/A |
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | ||||
CVE-2021-34701 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2024-09-16 | 4.3 Medium |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. | ||||
CVE-2020-29494 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-09-16 | 8.7 High |
Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. | ||||
CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2024-09-16 | 7.5 High |
This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
CVE-2013-0332 | 1 Zoneminder | 1 Zoneminder | 2024-09-16 | N/A |
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. | ||||
CVE-2021-32507 | 1 Qsan | 1 Storage Manager | 2024-09-16 | 6.5 Medium |
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2024-09-16 | N/A |
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2018-1000857 | 1 Open-systems | 1 Log-user-session | 2024-09-16 | 8.8 High |
log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in the main SUID binary /usr/local/bin/log-user-session that can result in user-to-root privilege escalation. This attack appears to be exploitable when a malicious unprivileged user executes the vulnerable binary; (remote) environment variable manipulation similar to Shellshock is also possible. | ||||
CVE-2018-1770 | 1 Ibm | 1 Websphere Application Server | 2024-09-16 | N/A |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686. | ||||
CVE-2020-7669 | 1 U-root | 1 U-root | 2024-09-16 | 7.5 High |
This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | ||||
CVE-2021-23415 | 1 Elfinder.aspnet Project | 1 Elfinder.aspnet | 2024-09-16 | 7.5 High |
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path. | ||||
CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2024-09-16 | N/A |
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. |