Search Results (9634 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10048 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2025-04-20 N/A
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVE-2015-8235 1 Call-cc 1 Spiffy 2025-04-20 N/A
Directory traversal vulnerability in Spiffy before 5.4.
CVE-2013-7462 1 Mcafee 1 Saas Control Console Platform 2025-04-20 N/A
A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit.
CVE-2017-16806 1 Ulterius 1 Ulterius Server 2025-04-20 N/A
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
CVE-2016-6517 1 Liferay 1 Liferay 2025-04-20 N/A
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
CVE-2017-8003 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
CVE-2016-9357 1 Eaton 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more 2025-04-20 N/A
An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal).
CVE-2017-6681 1 Cisco 1 Ultra Services Framework 2025-04-20 N/A
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
CVE-2015-0269 1 Contao 1 Contao Cms 2025-04-20 N/A
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
CVE-2017-8033 1 Cloudfoundry 2 Capi-release, Cf-release 2025-04-20 7.8 High
An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM.
CVE-2017-5946 2 Debian, Rubyzip Project 2 Debian Linux, Rubyzip 2025-04-20 9.8 Critical
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
CVE-2017-7675 1 Apache 1 Tomcat 2025-04-20 N/A
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
CVE-2014-3702 1 Redhat 1 Edeploy 2025-04-20 N/A
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
CVE-2017-11389 1 Trendmicro 1 Control Manager 2025-04-20 N/A
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
CVE-2015-5473 1 Samsung 1 Syncthru 6 2025-04-20 N/A
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVE-2017-1000170 1 Jqueryfiletree Project 1 Jqueryfiletree 2025-04-20 7.5 High
jqueryFileTree 2.1.5 and older Directory Traversal
CVE-2014-5301 1 Manageengine 4 Assetexplorer, It360, Servicedesk Plus and 1 more 2025-04-20 N/A
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVE-2016-9364 1 Fidelex 4 Fx-2030a-basic Controller, Fx-2030a-basic Firmware, Fx-2030a Controller and 1 more 2025-04-20 N/A
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.
CVE-2016-8593 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVE-2016-9339 1 Macgregor 2 Interschalt Vdr G4e, Interschalt Vdr G4e Firmware 2025-04-20 5.3 Medium
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.