Total
7155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 6.5 Medium |
| trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | ||||
| CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2024-11-21 | N/A |
| In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | ||||
| CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2024-11-21 | N/A |
| Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | ||||
| CVE-2017-12560 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | ||||
| CVE-2017-12559 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | ||||
| CVE-2017-10273 | 1 Oracle | 1 Jdeveloper | 2024-11-21 | N/A |
| Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L). | ||||
| CVE-2017-1000501 | 2 Awstats, Debian | 2 Awstats, Debian Linux | 2024-11-21 | N/A |
| Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. | ||||
| CVE-2017-1000490 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2024-11-21 | N/A |
| Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | ||||
| CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2024-11-21 | N/A |
| The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | ||||
| CVE-2017-1000448 | 1 Structured-data | 1 Structured Data Linter | 2024-11-21 | N/A |
| Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | ||||
| CVE-2017-0930 | 1 Augustine Project | 1 Augustine | 2024-11-21 | N/A |
| augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | N/A |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | ||||
| CVE-2016-9484 | 1 Jqueryform | 1 Php Formmail Generator | 2024-11-21 | N/A |
| The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. | ||||
| CVE-2016-7063 | 1 Pritunl | 1 Pritunl-client | 2024-11-21 | 9.8 Critical |
| A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. | ||||
| CVE-2016-7041 | 1 Redhat | 4 Jboss Bpms, Jboss Brms, Jboss Drools and 1 more | 2024-11-21 | N/A |
| Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | ||||
| CVE-2016-15038 | 2024-11-21 | 6.5 Medium | ||
| A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780. | ||||
| CVE-2016-15023 | 1 Sitefusion | 1 Application Server | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | ||||
| CVE-2016-15017 | 1 Ecodev | 1 Media Upload | 2024-11-21 | 5.5 Medium |
| A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-10977 | 1 Neliosoftware | 1 Nelio Ab Testing | 2024-11-21 | 6.5 Medium |
| The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. | ||||
| CVE-2016-10966 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2024-11-21 | 7.5 High |
| The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. | ||||