Search Results (9547 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14513 1 Metinfo 1 Metinfo 2025-04-20 N/A
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
CVE-2017-10834 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2025-04-20 N/A
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-15359 1 3cx 1 3cx 2025-04-20 N/A
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
CVE-2015-5473 1 Samsung 1 Syncthru 6 2025-04-20 N/A
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVE-2016-9351 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-5480 1 B2evolution 1 B2evolution 2025-04-20 N/A
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
CVE-2017-11500 1 Metinfo 1 Metinfo 2025-04-20 7.5 High
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVE-2016-8593 1 Trendmicro 1 Threat Discovery Appliance 2025-04-20 N/A
Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the dID parameter.
CVE-2017-2829 1 Foscam 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware 2025-04-20 6.5 Medium
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
CVE-2015-7270 1 Dell 4 Integrated Remote Access Controller 6, Integrated Remote Access Controller 7, Integrated Remote Access Controller 8 and 1 more 2025-04-20 N/A
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.
CVE-2016-4323 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
CVE-2014-8676 1 Soplanning 1 Soplanning 2025-04-20 N/A
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
CVE-2017-14754 1 Opentext 1 Document Sciences Xpression 2025-04-20 N/A
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
CVE-2017-7974 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
CVE-2017-15079 1 Wpmudev 1 Smush Image Compression And Optimization 2025-04-20 N/A
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVE-2017-14722 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
CVE-2017-12188 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 7.8 High
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
CVE-2017-16759 1 Librenms 1 Librenms 2025-04-20 N/A
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVE-2017-16788 1 Meinbergglobal 2 Lantime, Lantime Firmware 2025-04-20 N/A
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.