Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1497 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2018-01-17 | 4.0 MEDIUM | N/A |
| The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. | |||||
| CVE-2017-1000448 | 1 Structured-data | 1 Structured Data Linter | 2018-01-16 | 5.0 MEDIUM | 7.5 HIGH |
| Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host. | |||||
| CVE-2012-1839 | 1 Ajaxplorer | 1 Ajaxplorer | 2018-01-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | |||||
| CVE-2017-17927 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | |||||
| CVE-2012-1841 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-09 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2018-01-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2018-01-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | |||||
| CVE-2011-4543 | 1 Oscommerce | 1 Oscommerce | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php. | |||||
| CVE-2012-0246 | 1 Ecava | 1 Integraxor | 2018-01-05 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. | |||||
| CVE-2017-15532 | 1 Symantec | 1 Messaging Gateway | 2018-01-05 | 5.5 MEDIUM | 5.7 MEDIUM |
| Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. | |||||
| CVE-2017-15309 | 1 Huawei | 1 Ireader | 2018-01-05 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | |||||
| CVE-2016-9177 | 1 Sparkjava | 1 Spark | 2018-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2014-9767 | 2 Hiphop Virtual Machine For Php Project, Php | 2 Hiphop Virtual Machine For Php, Php | 2018-01-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | |||||
| CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | |||||
| CVE-2017-17715 | 1 Telegram | 1 Telegram Messenger | 2018-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | |||||
| CVE-2012-0365 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2018-01-03 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. | |||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2018-01-03 | 9.0 HIGH | 7.2 HIGH |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | |||||
| CVE-2014-1833 | 1 Devscripts Devel Team | 1 Devscripts | 2018-01-02 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||||
| CVE-2014-3864 | 1 Debian | 1 Dpkg-dev | 2017-12-28 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. | |||||