Export limit exceeded: 357829 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9360 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | ||||
| CVE-2015-5248 | 1 Redhat | 1 Feedhenry Enterprise Mobile Application Platform | 2025-04-20 | N/A |
| Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | ||||
| CVE-2017-7675 | 1 Apache | 1 Tomcat | 2025-04-20 | N/A |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | ||||
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2025-04-20 | N/A |
| Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | ||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2025-04-20 | N/A |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | ||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2025-04-20 | N/A |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | ||||
| CVE-2017-6805 | 1 Mobatek | 1 Mobaxterm | 2025-04-20 | N/A |
| Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | ||||
| CVE-2017-15805 | 1 Cisco | 4 Small Business Sa520, Small Business Sa520 Firmware, Small Business Sa540 and 1 more | 2025-04-20 | N/A |
| Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | ||||
| CVE-2017-1577 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | N/A |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | ||||
| CVE-2014-9983 | 1 Rarlab | 1 Rar | 2025-04-20 | N/A |
| Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | ||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2025-04-20 | N/A |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | ||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | N/A |
| On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | ||||
| CVE-2015-1834 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2025-04-20 | 6.5 Medium |
| A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container. | ||||
| CVE-2017-15607 | 1 Inedo | 1 Otter | 2025-04-20 | N/A |
| Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | ||||
| CVE-2017-15079 | 1 Wpmudev | 1 Smush Image Compression And Optimization | 2025-04-20 | N/A |
| The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | ||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2025-04-20 | N/A |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | ||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | ||||
| CVE-2015-1876 | 1 Estrongs | 1 Es File Explorer | 2025-04-20 | N/A |
| Directory traversal vulnerability in ES File Explorer 3.2.4.1. | ||||
| CVE-2017-14196 | 1 Squiz | 1 Matrix | 2025-04-20 | N/A |
| An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | ||||
| CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2025-04-20 | 7.5 High |
| unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | ||||