Total
6432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4957 | 1 Novell | 1 File Reporter | 2024-09-17 | N/A |
| Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record. | ||||
| CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2024-09-17 | 7.5 High |
| The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | ||||
| CVE-2010-2112 | 1 Intervations | 1 Filecopa | 2024-09-17 | N/A |
| Directory traversal vulnerability in the FTP service in FileCOPA before 5.03 allows remote attackers to read or overwrite arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2010-2096 | 1 Cmsqlite | 1 Cmsqlite | 2024-09-17 | N/A |
| Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | ||||
| CVE-2020-3248 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-09-17 | 9.8 Critical |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-29093 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-09-17 | 7.1 High |
| Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. | ||||
| CVE-2017-6020 | 1 Lcds | 1 Laquis Scada | 2024-09-17 | N/A |
| Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level. | ||||
| CVE-2022-40742 | 1 Softnext | 1 Mail Sqr Expert | 2024-09-17 | 6.5 Medium |
| Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | ||||
| CVE-2017-16185 | 1 Uekw1511server Project | 1 Uekw1511server | 2024-09-17 | N/A |
| uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2020-7684 | 1 Rollup-plugin-serve Project | 1 Rollup-plugin-serve | 2024-09-17 | 7.5 High |
| This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation. | ||||
| CVE-2013-4097 | 1 Ds3 | 1 Authentication Server | 2024-09-17 | N/A |
| ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message. | ||||
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2024-09-17 | 6.5 Medium |
| glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2011-3500 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-09-17 | N/A |
| Directory traversal vulnerability in the web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | ||||
| CVE-2017-18038 | 1 Atlassian | 1 Bitbucket | 2024-09-17 | N/A |
| The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | ||||
| CVE-2013-1167 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2024-09-17 | N/A |
| Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. | ||||
| CVE-2021-39316 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-09-17 | 7.5 High |
| The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | ||||
| CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 8.1 High |
| ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | ||||
| CVE-2017-16150 | 1 Wanggoujing123 Project | 1 Wanggoujing123 | 2024-09-17 | N/A |
| wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2014-3626 | 1 Grails | 1 Resources | 2024-09-17 | N/A |
| The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where the Grails Resource Plugin before 1.2.13 returned the decoded version of the URI rather than the normalized version of the URI after the directory traversal check. This exposed a double decoding vulnerability. To address this issue, the Grails Resource Plugin now repeatedly decodes the URI up to three times or until decoding no longer changes the URI. If the decode limit of 3 is exceeded the URI is rejected. A side-effect of this is that the Grails Resource Plugin is unable to serve a resource that includes a '%' character in the full path to the resource. Not all environments are vulnerable because of the differences in URL resolving in different servlet containers. Applications deployed to Tomcat 8 and Jetty 9 were found not not be vulnerable, however applications deployed to JBoss EAP 6.3 / JBoss AS 7.4 and JBoss AS 7.1 were found to be vulnerable (other JBoss versions weren't tested). In certain cases JBoss returns JBoss specific vfs protocol urls from URL resolution methods (ClassLoader.getResources). The JBoss vfs URL protocol supports resolving any file on the filesystem. This made the directory traversal possible. There may be other containers, in addition to JBoss, on which this vulnerability is exposed. | ||||
| CVE-2010-2502 | 1 Splunk | 1 Splunk | 2024-09-17 | N/A |
| Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067. | ||||