Total
7633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2025-04-20 | N/A |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | ||||
| CVE-2017-10665 | 1 Phpgrid | 1 Phpgrid | 2025-04-20 | N/A |
| Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. | ||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2025-04-20 | N/A |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | ||||
| CVE-2017-15527 | 1 Symantec | 1 Management Console | 2025-04-20 | N/A |
| Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs. | ||||
| CVE-2017-8104 | 1 Mybb | 1 Mybb | 2025-04-20 | N/A |
| In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | ||||
| CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | ||||
| CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2025-04-20 | N/A |
| In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | ||||
| CVE-2016-7802 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-20 | N/A |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-15363 | 1 Luracast | 1 Restler | 2025-04-20 | 7.5 High |
| Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. | ||||
| CVE-2017-15359 | 1 3cx | 1 3cx | 2025-04-20 | N/A |
| In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks. | ||||
| CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | N/A |
| Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | ||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2025-04-20 | 7.8 High |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | ||||
| CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | ||||
| CVE-2017-17042 | 1 Yardoc | 1 Yard | 2025-04-20 | N/A |
| lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. | ||||
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2017-6681 | 1 Cisco | 1 Ultra Services Framework | 2025-04-20 | N/A |
| A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. | ||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | ||||
| CVE-2017-3163 | 2 Apache, Redhat | 2 Solr, Jboss Enterprise Application Platform | 2025-04-20 | N/A |
| When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. | ||||
| CVE-2016-4323 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | ||||