Search Results (9561 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12074 1 Synology 1 Dns Server 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
CVE-2017-0901 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2025-04-20 N/A
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-10841 1 Webcalendar Project 1 Webcalendar 2025-04-20 N/A
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-1000026 1 Progress 1 Mixlib-archive 2025-04-20 7.5 High
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries
CVE-2017-10907 1 Spiqe 1 Onethird Cms Show Off 2025-04-20 N/A
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVE-2017-10949 1 Dell 1 Storage Manager 2016 2025-04-20 N/A
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.
CVE-2017-11162 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2017-1548 1 Ibm 1 Sterling File Gateway 2025-04-20 N/A
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.
CVE-2017-15527 1 Symantec 1 Management Console 2025-04-20 N/A
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
CVE-2017-11630 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.
CVE-2017-15647 1 Fiberhome 1 Routerfiberhome Firmware 2025-04-20 N/A
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-17992 1 Iwcnetwork 1 Biometric Shift Employee Management System 2025-04-20 N/A
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
CVE-2017-2098 1 Cubecart 1 Cubecart 2025-04-20 N/A
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-13985 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
CVE-2017-1087 1 Freebsd 1 Freebsd 2025-04-20 N/A
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
CVE-2017-2163 1 N-i-agroinformatics 1 Soy Cms 2025-04-20 N/A
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
CVE-2017-11152 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVE-2017-14849 1 Nodejs 1 Node.js 2025-04-20 N/A
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
CVE-2017-11456 1 Geneko 8 Gwr202 Gprs Router, Gwr202 Gprs Router Firmware, Gwr252 Edge Router and 5 more 2025-04-20 N/A
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.