Search Results (9627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7552 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVE-2017-2245 1 Getshortcodes 1 Shortcodes Ultimate 2025-04-20 5.0 Medium
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-9428 2 Bigtreecms, Microsoft 2 Bigtree Cms, Windows 2025-04-20 N/A
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
CVE-2017-7461 1 Intellinet-network 2 Nfc-30ir, Nfc-30ir Firmware 2025-04-20 N/A
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
CVE-2017-1087 1 Freebsd 1 Freebsd 2025-04-20 N/A
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
CVE-2017-7693 1 Riverbed 1 Opnet App Response Xpert 2025-04-20 N/A
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
CVE-2017-2090 1 Cubecart 1 Cubecart 2025-04-20 N/A
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-2150 1 Booking Calendar Project 1 Booking Calendar 2025-04-20 N/A
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.
CVE-2017-9511 2 Atlassian, Microsoft 3 Crucible, Fisheye, Windows 2025-04-20 7.5 High
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVE-2017-6681 1 Cisco 1 Ultra Services Framework 2025-04-20 N/A
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
CVE-2014-3702 1 Redhat 1 Edeploy 2025-04-20 N/A
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
CVE-2017-17992 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-11511 1 Manageengine 1 Servicedesk 2025-04-20 N/A
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
CVE-2017-17924 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
CVE-2017-8003 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
CVE-2017-17927 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
CVE-2017-9097 1 Hoytech 1 Antiweb 2025-04-20 N/A
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
CVE-2017-9024 1 Secure-bytes 1 Secure Cisco Auditor 2025-04-20 7.5 High
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
CVE-2017-16762 1 Sanic Project 1 Sanic 2025-04-20 N/A
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.