Total
5771 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5261 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | |||||
CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||||
CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
jqueryFileTree 2.1.5 and older Directory Traversal | |||||
CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | |||||
CVE-2017-9964 | 1 Schneider-electric | 1 Pelco Videoxpert | 2023-12-10 | 5.8 MEDIUM | 6.9 MEDIUM |
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. | |||||
CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | |||||
CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2023-12-10 | 3.6 LOW | 6.0 MEDIUM |
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | |||||
CVE-2017-1000028 | 1 Oracle | 1 Glassfish Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | |||||
CVE-2014-5301 | 1 Manageengine | 4 Assetexplorer, It360, Servicedesk Plus and 1 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||||
CVE-2018-5700 | 1 Magicwinmail | 1 Winmail Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder. | |||||
CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | |||||
CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | |||||
CVE-2018-5291 | 1 Gd Rating System Project | 1 Gd Rating System | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | |||||
CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2023-12-10 | 6.8 MEDIUM | 4.9 MEDIUM |
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | |||||
CVE-2014-8871 | 1 Sap | 1 Hybris | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | |||||
CVE-2014-8163 | 1 Redhat | 1 Satellite | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | |||||
CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | |||||
CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | |||||
CVE-2017-7442 | 1 Gonitro | 1 Nitro Pro | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | |||||
CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. |