Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9639 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1224 1 Cisco 1 Unified Customer Voice Portal 2025-04-11 N/A
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
CVE-2011-2757 1 Manageengine 1 Servicedesk Plus 2025-04-11 N/A
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the FILENAME parameter. NOTE: this might overlap the US-CERT VU#543310 issue.
CVE-2010-3100 1 Portaplus 1 Porta\+ Ftp Client 2025-04-11 N/A
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
CVE-2011-2755 1 Manageengine 1 Servicedesk Plus 2025-04-11 N/A
Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2011-2744 1 Chyrp 1 Chyrp 2025-04-11 N/A
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
CVE-2011-4596 1 Openstack 1 Nova 2025-04-11 N/A
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
CVE-2011-4716 1 Dream-multimedia-tv 4 Dreambox Dm800 Hd Pvr, Dreambox Dm800 Hd Pvr Firmware, Dreambox Dm800 Hd Se and 1 more 2025-04-11 N/A
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
CVE-2022-4779 1 Elvexys 1 Streamx 2025-04-10 7.5 High
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.
CVE-2024-3195 1 Mailcleaner 1 Mailcleaner 2025-04-10 4.7 Medium
A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311.
CVE-2024-39903 1 Widgetti 1 Solara 2025-04-10 8.6 High
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
CVE-2024-27776 2 Canonical, Milesight 2 Ubuntu Linux, Devicehub 2025-04-10 9.8 Critical
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
CVE-2024-3783 1 Whitebearsolutions 1 Wbsairback 2025-04-10 7.7 High
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.
CVE-2024-51966 1 Esri 1 Arcgis Server 2025-04-10 4.9 Medium
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.
CVE-2024-51958 1 Esri 1 Arcgis Server 2025-04-10 4.9 Medium
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory.  There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.
CVE-2024-27921 1 Getgrav 1 Grav 2025-04-10 8.8 High
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.
CVE-2022-46178 1 Metersphere 1 Metersphere 2025-04-10 7.4 High
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.
CVE-2024-1303 1 Badgermeter 1 Monitool 2025-04-10 6.5 Medium
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.
CVE-2023-47803 1 Synology 4 Bc500, Bc500 Firmware, Tc500 and 1 more 2025-04-10 5.3 Medium
A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
CVE-2022-4851 1 Usememos 1 Memos 2025-04-10 5.3 Medium
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-46305 1 Changingtec 1 Servisign 2025-04-10 6.5 Medium
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.