Total
5866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | |||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-7954 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. | |||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | |||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2023-12-10 | 4.6 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | |||||
| CVE-2016-9357 | 1 Eaton | 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | |||||
| CVE-2016-10037 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | |||||
| CVE-2017-6629 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. | |||||
| CVE-2016-9210 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). | |||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | |||||
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | |||||
| CVE-2016-7982 | 1 Spip | 1 Spip | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. | |||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2023-12-10 | 5.5 MEDIUM | 7.1 HIGH |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | |||||
| CVE-2017-8104 | 1 Mybb | 1 Mybb | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | |||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | |||||