Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2020-02-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | |||||
| CVE-2014-0598 | 1 Novell | 1 Open Enterprise Server | 2020-02-24 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors. | |||||
| CVE-2020-8996 | 1 Aishu | 1 Anyshare Cloud | 2020-02-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | |||||
| CVE-2014-9609 | 1 Netsweeper | 1 Netsweeper | 2020-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. | |||||
| CVE-2020-1853 | 1 Huawei | 1 Gaussdb 200 | 2020-02-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. | |||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | |||||
| CVE-2020-8803 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | |||||
| CVE-2020-9029 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | |||||
| CVE-2020-9030 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | |||||
| CVE-2020-9031 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | |||||
| CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | |||||
| CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2020-02-19 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | |||||
| CVE-2014-9261 | 1 Codologic | 1 Codoforum | 2020-02-18 | 5.0 MEDIUM | N/A |
| The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | |||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2020-02-17 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||||
| CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | |||||
| CVE-2020-6768 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | |||||
| CVE-2009-5093 | 1 Php4scripte | 1 Gastebuch | 2020-02-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. | |||||
| CVE-2014-8478 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2020-02-10 | 7.8 HIGH | N/A |
| The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. | |||||
| CVE-2020-5720 | 1 Mikrotik | 1 Winbox | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. | |||||
| CVE-2020-6754 | 1 Dotcms | 1 Dotcms | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | |||||