Search Results (9551 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14120 2 Debian, Rarlab 2 Debian Linux, Unrar 2025-04-20 7.5 High
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
CVE-2017-1087 1 Freebsd 1 Freebsd 2025-04-20 N/A
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
CVE-2015-1199 1 Ppmd Project 1 Ppmd 2025-04-20 N/A
Directory traversal vulnerability in ppmd 10.1-5.
CVE-2017-10907 1 Spiqe 1 Onethird Cms Show Off 2025-04-20 N/A
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVE-2017-10933 1 Zte 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware 2025-04-20 N/A
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2017-10940 1 Joyent 1 Triton Datacenter 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
CVE-2014-5301 1 Manageengine 4 Assetexplorer, It360, Servicedesk Plus and 1 more 2025-04-20 N/A
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVE-2017-11440 1 Sitecore 1 Cms 2025-04-20 N/A
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
CVE-2016-8913 1 Ibm 1 Kenexa Lms On Cloud 2025-04-20 N/A
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-8933 1 Ibm 1 Kenexa Lms 2025-04-20 N/A
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2014-8871 1 Sap 1 Hybris 2025-04-20 N/A
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.
CVE-2017-7240 1 Miele Professional 2 Pg 8528, Pst10 Webserver 2025-04-20 N/A
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.
CVE-2017-8115 1 Modx 1 Modx Revolution 2025-04-20 N/A
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
CVE-2017-8104 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2017-1000115 3 Debian, Mercurial, Redhat 9 Debian Linux, Mercurial, Enterprise Linux and 6 more 2025-04-20 N/A
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-8314 2 Debian, Kodi 2 Debian Linux, Kodi 2025-04-20 N/A
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVE-2017-10841 1 Webcalendar Project 1 Webcalendar 2025-04-20 N/A
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVE-2017-8868 1 Flatcore 1 Flatcore-cms 2025-04-20 N/A
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
CVE-2017-9097 1 Hoytech 1 Antiweb 2025-04-20 N/A
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.