Export limit exceeded: 364646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364646 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9628 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-15527 1 Symantec 1 Management Console 2025-04-20 N/A
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
CVE-2017-15532 1 Symantec 1 Messaging Gateway 2025-04-20 N/A
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.
CVE-2017-15607 1 Inedo 1 Otter 2025-04-20 N/A
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVE-2017-15647 1 Fiberhome 1 Routerfiberhome Firmware 2025-04-20 N/A
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVE-2017-15805 1 Cisco 4 Small Business Sa520, Small Business Sa520 Firmware, Small Business Sa540 and 1 more 2025-04-20 N/A
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-15894 1 Synology 1 Diskstation Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2016-4313 1 Extplorer 1 Extplorer 2025-04-20 N/A
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
CVE-2016-4320 1 Atlassian 1 Bitbucket 2025-04-20 N/A
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2017-16762 1 Sanic Project 1 Sanic 2025-04-20 N/A
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
CVE-2016-6896 1 Wordpress 1 Wordpress 2025-04-20 N/A
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
CVE-2017-16788 1 Meinbergglobal 2 Lantime, Lantime Firmware 2025-04-20 N/A
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
CVE-2017-9416 1 Odoo 1 Odoo 2025-04-20 N/A
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.
CVE-2017-9428 2 Bigtreecms, Microsoft 2 Bigtree Cms, Windows 2025-04-20 N/A
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
CVE-2017-10834 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2025-04-20 N/A
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-10841 1 Webcalendar Project 1 Webcalendar 2025-04-20 N/A
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-10861 1 Qualitysoft 1 Qnd Advance\/standard 2025-04-20 N/A
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
CVE-2017-10907 1 Spiqe 1 Onethird Cms Show Off 2025-04-20 N/A
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVE-2017-10933 1 Zte 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware 2025-04-20 N/A
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2017-10949 1 Dell 1 Storage Manager 2016 2025-04-20 N/A
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.