Total
6432 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-1671 | 1 Nicolas Tormo | 1 Phppaleo | 2024-09-17 | N/A |
Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | ||||
CVE-2002-2229 | 1 Sapio Design Ltd | 1 Webreflex | 2024-09-17 | N/A |
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request. | ||||
CVE-2021-28172 | 1 Deltaflow Project | 1 Deltaflow | 2024-09-17 | 7.5 High |
There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | ||||
CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2024-09-17 | N/A |
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | ||||
CVE-2012-4958 | 1 Novell | 1 File Reporter | 2024-09-17 | N/A |
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record. | ||||
CVE-2013-3654 | 1 Lockon | 1 Ec-cube | 2024-09-17 | N/A |
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_FormParam.php, a different vulnerability than CVE-2013-3650. | ||||
CVE-2022-20718 | 1 Cisco | 1 Ios Xe | 2024-09-17 | 5.5 Medium |
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2021-41294 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-09-17 | 9.1 Critical |
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario. | ||||
CVE-2022-2139 | 1 Advantech | 1 Iview | 2024-09-17 | 6.5 Medium |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | ||||
CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2024-09-17 | 6.5 Medium |
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | ||||
CVE-2017-12586 | 1 Slims | 1 Akasia | 2024-09-17 | N/A |
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | ||||
CVE-2009-3792 | 1 Adobe | 1 Flash Media Server | 2024-09-17 | N/A |
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors. | ||||
CVE-2014-3975 | 1 Auracms | 1 Auracms | 2024-09-17 | N/A |
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | ||||
CVE-2012-1467 | 1 Pkp | 1 Open Journal Systems | 2024-09-17 | N/A |
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php. | ||||
CVE-2017-14514 | 1 Tenda | 2 W15e, W15e Firmware | 2024-09-17 | N/A |
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | ||||
CVE-2017-7675 | 1 Apache | 1 Tomcat | 2024-09-17 | N/A |
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | ||||
CVE-2014-5187 | 1 Tom M8te Plugin Project | 1 Tom-m8te Plugin | 2024-09-17 | N/A |
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | ||||
CVE-2017-16181 | 1 Wintiwebdev Project | 1 Wintiwebdev | 2024-09-17 | N/A |
wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
CVE-2012-3380 | 1 Wargio | 1 Naxsi | 2024-09-17 | N/A |
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | ||||
CVE-2017-16222 | 1 Elding Project | 1 Elding | 2024-09-17 | N/A |
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js. |