Total
6446 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16168 | 1 Wffserve Project | 1 Wffserve | 2024-09-16 | N/A |
| wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-09-16 | 7.5 High |
| 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2010-4730 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2024-09-16 | N/A |
| Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463. | ||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2024-09-16 | N/A |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | ||||
| CVE-2017-16216 | 1 Tencent-server Project | 1 Tencent-server | 2024-09-16 | N/A |
| tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2015-1577 | 1 Yuba | 1 U5cms | 2024-09-16 | N/A |
| Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | ||||
| CVE-2017-16147 | 1 Shit-server Project | 1 Shit-server | 2024-09-16 | N/A |
| shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2020-14490 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-09-16 | 8.8 High |
| OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. | ||||
| CVE-2022-27618 | 1 Synology | 2 Diskstation Manager, Storage Analyzer | 2024-09-16 | 6.8 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2024-09-16 | N/A |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2024-09-16 | N/A |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16182 | 1 Serverxxx Project | 1 Serverxxx | 2024-09-16 | N/A |
| serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2021-28209 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-16 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | ||||
| CVE-2022-27611 | 1 Synology | 1 Audio Station | 2024-09-16 | 5.4 Medium |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | ||||
| CVE-2014-9461 | 1 Reality66 | 1 Cart66 Lite | 2024-09-16 | N/A |
| Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. | ||||
| CVE-2017-15532 | 1 Symantec | 1 Messaging Gateway | 2024-09-16 | N/A |
| Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. | ||||
| CVE-2013-5554 | 1 Cisco | 1 Wide Area Application Services Mobile | 2024-09-16 | N/A |
| Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773. | ||||
| CVE-2010-3306 | 1 Salvo G. Tomaselli | 1 Weborf | 2024-09-16 | N/A |
| Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI. | ||||
| CVE-2019-9886 | 1 Eclass | 1 Eclass Ip | 2024-09-16 | 7.5 High |
| Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. | ||||
| CVE-2022-29094 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-09-16 | 7.1 High |
| Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. | ||||