Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8644 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2025-04-20 | N/A |
| Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | ||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | N/A |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | ||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | ||||
| CVE-2016-8933 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2016-7843 | 1 Hibara Software | 3 Attachecase For Java, Attachecase Lite, Attachecase Pro | 2025-04-20 | N/A |
| Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | ||||
| CVE-2016-7842 | 1 Hibara | 1 Attachecase | 2025-04-20 | N/A |
| Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | ||||
| CVE-2016-7826 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | ||||
| CVE-2016-6795 | 1 Apache | 1 Struts | 2025-04-20 | N/A |
| In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | ||||
| CVE-2016-5312 | 1 Symantec | 1 Messaging Gateway | 2025-04-20 | N/A |
| Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn parameter to brightmail/servlet/com.ve.kavachart.servlet.ChartStream. | ||||
| CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2025-04-20 | N/A |
| Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. | ||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | ||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2025-04-20 | N/A |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | ||||
| CVE-2015-7245 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2025-04-20 | N/A |
| Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. | ||||
| CVE-2017-7240 | 1 Miele Professional | 2 Pg 8528, Pst10 Webserver | 2025-04-20 | N/A |
| An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24. | ||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | ||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | ||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | ||||
| CVE-2015-8309 | 1 Fomori | 1 Cherrymusic | 2025-04-20 | N/A |
| Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | ||||
| CVE-2015-8283 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | N/A |
| Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | ||||