Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6306 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 N/A
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVE-2016-9351 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2015-8235 1 Call-cc 1 Spiffy 2025-04-20 N/A
Directory traversal vulnerability in Spiffy before 5.4.
CVE-2015-4085 1 Etherpad 1 Etherpad 2025-04-20 N/A
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.
CVE-2014-8704 1 Wondercms 1 Wondercms 2025-04-20 N/A
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.
CVE-2016-7826 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
CVE-2015-4181 1 Phpmybackuppro 1 Phpmybackuppro 2025-04-20 N/A
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
CVE-2016-10184 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
CVE-2017-7565 1 Splunk 1 Hadoop Connect 2025-04-20 N/A
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
CVE-2016-7569 1 Docker2aci Project 1 Docker2aci 2025-04-20 N/A
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
CVE-2015-1395 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Patch 2025-04-20 N/A
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVE-2017-6758 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.
CVE-2016-7843 1 Hibara Software 3 Attachecase For Java, Attachecase Lite, Attachecase Pro 2025-04-20 N/A
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
CVE-2017-5168 1 Hanwha-security 1 Smart Security Manager 2025-04-20 7.5 High
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
CVE-2016-6517 1 Liferay 1 Liferay 2025-04-20 N/A
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
CVE-2017-8104 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2017-8921 1 Flightgear 1 Flightgear 2025-04-20 N/A
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.
CVE-2016-10400 1 Atutor 1 Atutor 2025-04-20 N/A
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
CVE-2011-5325 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2025-04-20 7.5 High
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
CVE-2016-7802 1 Cybozu 1 Garoon 2025-04-20 N/A
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.