Export limit exceeded: 17584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1876 | 1 Estrongs | 1 Es File Explorer | 2025-04-20 | N/A |
| Directory traversal vulnerability in ES File Explorer 3.2.4.1. | ||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2025-04-20 | N/A |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | ||||
| CVE-2015-1834 | 2 Cloudfoundry, Pivotal Software | 2 Cf-release, Cloud Foundry Elastic Runtime | 2025-04-20 | 6.5 Medium |
| A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container. | ||||
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2025-04-20 | N/A |
| Directory traversal vulnerability in ppmd 10.1-5. | ||||
| CVE-2015-1198 | 1 Linux-ha | 1 Ha | 2025-04-20 | N/A |
| Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | ||||
| CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | N/A |
| Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | ||||
| CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-20 | N/A |
| Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | ||||
| CVE-2014-9983 | 1 Rarlab | 1 Rar | 2025-04-20 | N/A |
| Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | ||||
| CVE-2017-7693 | 1 Riverbed | 1 Opnet App Response Xpert | 2025-04-20 | N/A |
| Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | ||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2025-04-20 | N/A |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | ||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | ||||
| CVE-2014-3702 | 1 Redhat | 1 Edeploy | 2025-04-20 | N/A |
| Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter. | ||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2025-04-20 | N/A |
| A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | ||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2025-04-20 | N/A |
| Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | ||||
| CVE-2017-2117 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-9030 | 1 Codextrous | 1 B2j Contact | 2025-04-20 | N/A |
| The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | ||||
| CVE-2017-9031 | 1 Deluge-torrent | 1 Deluge | 2025-04-20 | N/A |
| The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | ||||
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2025-04-20 | N/A |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | ||||
| CVE-2017-9097 | 1 Hoytech | 1 Antiweb | 2025-04-20 | N/A |
| In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | ||||