Search Results (9695 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12791 1 Saltstack 1 Salt 2025-04-20 N/A
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2015-8780 1 Samsung 1 Kies 2025-04-20 N/A
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
CVE-2017-15309 1 Huawei 1 Ireader 2025-04-20 N/A
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
CVE-2015-8309 1 Fomori 1 Cherrymusic 2025-04-20 N/A
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
CVE-2016-10330 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
CVE-2017-11389 1 Trendmicro 1 Control Manager 2025-04-20 N/A
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
CVE-2014-9645 1 Busybox 1 Busybox 2025-04-20 N/A
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
CVE-2016-8211 1 Dell 1 Emc Data Protection Advisor 2025-04-20 7.5 High
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2016-10397 1 Php 1 Php 2025-04-20 N/A
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
CVE-2015-8283 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 N/A
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
CVE-2017-12943 1 Dlink 2 Dir-600 B1, Dir-600 B1 Firmware 2025-04-20 9.8 Critical
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2015-5473 1 Samsung 1 Syncthru 6 2025-04-20 N/A
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVE-2017-9428 2 Bigtreecms, Microsoft 2 Bigtree Cms, Windows 2025-04-20 N/A
A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter.
CVE-2016-5725 3 Jcraft, Microsoft, Redhat 4 Jsch, Windows, Jboss Amq and 1 more 2025-04-20 N/A
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVE-2017-1000170 1 Jqueryfiletree Project 1 Jqueryfiletree 2025-04-20 7.5 High
jqueryFileTree 2.1.5 and older Directory Traversal
CVE-2017-7675 1 Apache 1 Tomcat 2025-04-20 N/A
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
CVE-2017-8921 1 Flightgear 1 Flightgear 2025-04-20 N/A
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.
CVE-2014-8163 1 Redhat 1 Satellite 2025-04-20 N/A
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2017-16759 1 Librenms 1 Librenms 2025-04-20 N/A
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVE-2017-5869 1 Nuxeo 1 Nuxeo 2025-04-20 N/A
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.