Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9829 1 Vivotek 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more 2025-04-20 N/A
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
CVE-2016-3151 1 Barco 6 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 3 more 2025-04-20 N/A
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
CVE-2017-17058 1 Automattic 1 Woocommerce 2025-04-20 7.5 High
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code
CVE-2017-5899 1 S-nail Project 1 S-nail 2025-04-20 N/A
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVE-2017-5966 1 Sitecore 1 Crm 2025-04-20 N/A
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
CVE-2017-6805 1 Mobatek 1 Mobaxterm 2025-04-20 N/A
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVE-2015-1395 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Patch 2025-04-20 N/A
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVE-2017-6190 1 Dlink 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 2025-04-20 N/A
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVE-2017-6306 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 N/A
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVE-2017-12694 1 Spidercontrol 1 Scada Web Server 2025-04-20 N/A
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.
CVE-2017-7240 1 Miele Professional 2 Pg 8528, Pst10 Webserver 2025-04-20 N/A
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.
CVE-2017-7258 1 Auromeera 1 Emli 2025-04-20 N/A
HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
CVE-2017-7358 2 Canonical, Lightdm Project 2 Ubuntu Linux, Lightdm 2025-04-20 N/A
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVE-2017-5143 1 Honeywell 1 Xl Web Ii Controller 2025-04-20 N/A
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.
CVE-2017-5163 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2025-04-20 N/A
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
CVE-2017-7565 1 Splunk 1 Hadoop Connect 2025-04-20 N/A
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
CVE-2017-8003 1 Emc 1 Data Protection Advisor 2025-04-20 N/A
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application.
CVE-2017-8007 1 Dell 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more 2025-04-20 8.8 High
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
CVE-2017-8104 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2017-8115 1 Modx 1 Modx Revolution 2025-04-20 N/A
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.