Total: 5865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-7771 | 1 Schneider-electric | 1 U.motion Builder | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. | |||||
CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | |||||
CVE-2018-9921 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request. | |||||
CVE-2018-1000161 | 1 Nmap | 1 Nmap | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | |||||
CVE-2017-16182 | 1 Serverxxx Project | 1 Serverxxx | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16194 | 1 Picard Project | 1 Picard | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16122 | 1 Cuciuci Project | 1 Cuciuci | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16090 | 1 Fsk-server Project | 1 Fsk-server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2018-8003 | 1 Apache | 1 Ambari | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue. | |||||
CVE-2018-3712 | 1 Zeit | 1 Serve | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. | |||||
CVE-2017-18263 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | |||||
CVE-2017-16132 | 1 Simple-npm-registry Project | 1 Simple-npm-registry | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2018-1271 | 2 Oracle, Vmware | 28 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 25 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
CVE-2016-10726 | 1 Duraspace | 1 Dspace | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. | |||||
CVE-2018-7770 | 1 Schneider-electric | 1 U.motion | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address. | |||||
CVE-2017-9447 | 1 Parallels | 1 Remote Application Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences. | |||||
CVE-2017-16095 | 1 Serverliujiayi1 Project | 1 Serverliujiayi1 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
CVE-2017-16218 | 1 Dgard8.lab6 Project | 1 Dgard8.lab6 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16131 | 1 Unicorn-list Project | 1 Unicorn-list | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |