Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0403 | 1 Rsa | 1 Envision | 2017-12-06 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2017-12-01 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | |||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | |||||
| CVE-2017-16806 | 1 Ulterius | 1 Ulterius Server | 2017-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | |||||
| CVE-2008-2702 | 1 Estsoft | 1 Alftp | 2017-11-22 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2013-0141 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-11-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Server communication channel, as demonstrated by writing to the Software/ directory. | |||||
| CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2017-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | |||||
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | |||||
| CVE-2017-15359 | 1 3cx | 1 3cx | 2017-11-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. | |||||
| CVE-2017-14722 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | |||||
| CVE-2017-14719 | 1 Wordpress | 1 Wordpress | 2017-11-10 | 5.0 MEDIUM | 7.5 HIGH |
| Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2017-11-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | |||||
| CVE-2017-15805 | 1 Cisco | 4 Small Business Sa520, Small Business Sa520 Firmware, Small Business Sa540 and 1 more | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | |||||
| CVE-2017-8805 | 1 Debian | 1 Ftpsync | 2017-11-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | |||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | |||||
| CVE-2014-3702 | 1 Redhat | 1 Edeploy | 2017-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter. | |||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2017-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | |||||
| CVE-2015-7601 | 1 Pcman\'s Ftp Server Project | 1 Pcman\'s Ftp Server | 2017-11-07 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | |||||
| CVE-2017-14614 | 1 Gridgain | 1 Gridgain | 2017-11-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | |||||
| CVE-2016-7169 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | |||||