Total
5865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16179 | 1 Dasafio Project | 1 Dasafio | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. File access is restricted to only .html files. | |||||
CVE-2017-16121 | 1 Datachannel-client Project | 1 Datachannel-client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2018-13034 | 1 Jester Project | 1 Jester | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences. | |||||
CVE-2016-10528 | 1 Restafary Project | 1 Restafary | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified. | |||||
CVE-2017-16103 | 1 Serveryztyzt Project | 1 Serveryztyzt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
CVE-2017-16036 | 1 Badjs-sourcemap-server Project | 1 Badjs-sourcemap-server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16158 | 1 Dcserver Project | 1 Dcserver | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2018-6914 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. | |||||
CVE-2018-11141 | 1 Quest | 1 Kace System Management Appliance | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions. | |||||
CVE-2017-16223 | 1 Nodeaaaaa Project | 1 Nodeaaaaa | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16170 | 1 Liuyaserver Project | 1 Liuyaserver | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-17223 | 1 Huawei | 6 Espace 7910, Espace 7910 Firmware, Espace 7950 and 3 more | 2023-12-10 | 8.0 HIGH | 8.8 HIGH |
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash. | |||||
CVE-2018-12031 | 1 Eaton | 1 Intelligent Power Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | |||||
CVE-2017-16106 | 1 Tmock Project | 1 Tmock | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2018-11344 | 1 Asustor | 2 As6202t, As6202t Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. | |||||
CVE-2017-16198 | 1 Ritp Project | 1 Ritp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible. | |||||
CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | |||||
CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
CVE-2017-16190 | 1 Dcdcdcdcdc Project | 1 Dcdcdcdcdc | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |