Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5946 2 Debian, Rubyzip Project 2 Debian Linux, Rubyzip 2025-04-20 9.8 Critical
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
CVE-2017-5899 1 S-nail Project 1 S-nail 2025-04-20 N/A
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVE-2017-12586 1 Slims 1 Akasia 2025-04-20 N/A
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
CVE-2015-3297 1 Etherpad 1 Etherpad 2025-04-20 N/A
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
CVE-2017-17927 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.
CVE-2014-5302 1 Manageengine 4 Assetexplorer, It360, Servicedesk Plus and 1 more 2025-04-20 N/A
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
CVE-2017-17924 1 Ordermanagementscript 1 Professional Service Script 2025-04-20 N/A
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
CVE-2016-9339 1 Macgregor 2 Interschalt Vdr G4e, Interschalt Vdr G4e Firmware 2025-04-20 5.3 Medium
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.
CVE-2017-11152 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVE-2016-9164 1 Ca 1 Unified Infrastructure Management 2025-04-20 N/A
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-16877 1 Zeit 1 Next.js 2025-04-20 N/A
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
CVE-2015-2856 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
CVE-2017-17671 2 Microsoft, Vbulletin 2 Windows, Vbulletin 2025-04-20 9.8 Critical
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
CVE-2017-15309 1 Huawei 1 Ireader 2025-04-20 N/A
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
CVE-2017-17739 1 Brightsign 2 4k242, 4k242 Firmware 2025-04-20 N/A
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
CVE-2017-2258 1 Cybozu 1 Garoon 2025-04-20 N/A
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
CVE-2016-9364 1 Fidelex 4 Fx-2030a-basic Controller, Fx-2030a-basic Firmware, Fx-2030a Controller and 1 more 2025-04-20 N/A
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.
CVE-2017-12285 1 Cisco 1 Prime Network Analysis Module 2025-04-20 N/A
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that it receives and the software does not apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system. Cisco Bug IDs: CSCvf41365.
CVE-2017-6629 1 Cisco 1 Unity Connection 2025-04-20 N/A
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.
CVE-2017-8868 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.