Filtered by CWE-22
Total 6435 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-4715 1 Novell 1 Groupwise 2024-09-17 N/A
Multiple directory traversal vulnerabilities in the (1) WebAccess Agent and (2) Document Viewer Agent components in Novell GroupWise before 8.02HP allow remote attackers to read arbitrary files via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2013-1645 1 Open-xchange 1 Open-xchange Server 2024-09-17 N/A
Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.
CVE-2019-1818 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2024-09-17 6.5 Medium
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager software could allow an authenticated, remote attacker to download and view files within the application that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view application files that may contain sensitive information.
CVE-2019-4178 1 Ibm 1 Cognos Analytics 2024-09-17 N/A
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919.
CVE-2020-8568 1 Kubernetes 1 Secrets Store Csi Driver 2024-09-17 5.8 Medium
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.
CVE-2017-9965 1 Schneider-electric 1 Pelco Videoxpert 2024-09-17 N/A
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
CVE-2014-4941 1 Cross-rss Plugin Project 1 Wp-cross-rss 2024-09-17 N/A
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
CVE-2003-1335 1 Kai Blankenhorn Bitfolge 1 Simple And Nice Index File 2024-09-17 N/A
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
CVE-2018-19181 1 Yunucms 1 Yunucms 2024-09-17 N/A
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.
CVE-2017-2693 1 Huawei 16 G8, G8 Firmware, Honor 6 and 13 more 2024-09-17 N/A
ALE-L02C635B140 and earlier versions, ALE-L02C636B140 and earlier versions, ALE-L21C10B150 and earlier versions, ALE-L21C185B200 and earlier versions, ALE-L21C432B214 and earlier versions, ALE-L21C464B150 and earlier versions, ALE-L21C636B200 and earlier versions, ALE-L23C605B190 and earlier versions, ALE-TL00C01B250 and earlier versions, ALE-UL00C00B250 and earlier versions, MT7-L09C605B325 and earlier versions, MT7-L09C900B339 and earlier versions, MT7-TL10C900B339 and earlier versions, CRR-CL00C92B172 and earlier versions, CRR-L09C432B180 and earlier versions, CRR-TL00C01B172 and earlier versions, CRR-UL00C00B172 and earlier versions, CRR-UL20C432B171 and earlier versions, GRA-CL00C92B230 and earlier versions, GRA-L09C432B222 and earlier versions, GRA-TL00C01B230SP01 and earlier versions, GRA-UL00C00B230 and earlier versions, GRA-UL00C10B201 and earlier versions, GRA-UL00C432B220 and earlier versions, H60-L04C10B523 and earlier versions, H60-L04C185B523 and earlier versions, H60-L04C636B527 and earlier versions, H60-L04C900B530 and earlier versions, PLK-AL10C00B220 and earlier versions, PLK-AL10C92B220 and earlier versions, PLK-CL00C92B220 and earlier versions, PLK-L01C10B140 and earlier versions, PLK-L01C185B130 and earlier versions, PLK-L01C432B187 and earlier versions, PLK-L01C432B190 and earlier versions, PLK-L01C432B190 and earlier versions, PLK-L01C636B130 and earlier versions, PLK-TL00C01B220 and earlier versions, PLK-TL01HC01B220 and earlier versions, PLK-UL00C17B220 and earlier versions, ATH-AL00C00B210 and earlier versions, ATH-AL00C92B200 and earlier versions, ATH-CL00C92B210 and earlier versions, ATH-TL00C01B210 and earlier versions, ATH-TL00HC01B210 and earlier versions, ATH-UL00C00B210 and earlier versions, RIO-AL00C00B220 and earlier versions, RIO-CL00C92B220 and earlier versions, RIO-TL00C01B220 and earlier versions, RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.
CVE-2009-3912 1 Tftgallery 1 Tftgallery 2024-09-17 N/A
Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the album parameter.
CVE-2017-16096 1 Serveryaozeyan Project 1 Serveryaozeyan 2024-09-17 N/A
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVE-2013-1156 1 Cisco 1 Prime Central For Hosted Collaboration Solution 2024-09-17 N/A
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
CVE-2017-16093 1 Cyber-js Project 1 Cyber-js 2024-09-17 N/A
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVE-2014-4306 1 Webtitan 1 Webtitan 2024-09-17 N/A
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
CVE-2022-31475 1 Givewp 1 Givewp 2024-09-17 5.5 Medium
Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.
CVE-2021-3907 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-09-17 7.4 High
OctoRPKI does not escape a URI with a filename containing "..". This allows a repository to create a file (e.g. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CVE-2020-12499 1 Phoenixcontact 1 Plcnext Engineer 2024-09-17 8.2 High
In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier, an improper path sanitization vulnerability exists on import of project files.
CVE-2018-12036 1 Owasp 1 Dependency-check 2024-09-17 N/A
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
CVE-2019-9611 1 Ofcms Project 1 Ofcms 2024-09-17 N/A
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java.