Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1653 | 1 Savas Place | 1 Savas Link Manager | 2017-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1169 | 1 Simm-comm | 1 Sci Photo Chat | 2017-08-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the embedded HTTP server in SCI Photo Chat Server 3.4.9 and earlier allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot forward slash) in the GET command. | |||||
| CVE-2007-6268 | 1 Xigla | 1 Absolute News Manager.net | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2008-0797 | 1 Itheora | 1 Itheora | 2017-08-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter. | |||||
| CVE-2017-10708 | 1 Apport Project | 1 Apport | 2017-08-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. | |||||
| CVE-2017-11389 | 1 Trendmicro | 1 Control Manager | 2017-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | |||||
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | |||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | |||||
| CVE-2017-11658 | 1 Wp-rocket | 1 Wp-rocket | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack. | |||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2017-07-31 | 5.0 MEDIUM | 7.5 HIGH |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | |||||
| CVE-2016-6038 | 1 Ibm | 1 Aix | 2017-07-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2017-07-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2007-5320 | 1 Pegasus Imaging | 1 Imagxpress | 2017-07-29 | 4.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll). | |||||
| CVE-2007-5366 | 1 Fujitsu | 3 Interstage Application Server, Interstage Apworks, Interstage Studio | 2017-07-29 | 5.0 MEDIUM | N/A |
| The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. | |||||
| CVE-2007-5454 | 1 Php File Sharing System | 1 Php File Sharing System | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter. | |||||
| CVE-2007-5956 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-29 | 7.2 HIGH | N/A |
| Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | |||||
| CVE-2007-5742 | 1 Wesnoth | 1 Wesnoth | 2017-07-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | |||||
| CVE-2007-4655 | 1 Cgi-rescue | 1 Shopping Basket Professional | 2017-07-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | |||||
| CVE-2007-4683 | 1 Apple | 1 Mac Os X | 2017-07-29 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | |||||
| CVE-2007-4764 | 1 Pawfaliki | 1 Pawfaliki | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||