ReportizFlow
Filtered by vendor
Subscriptions
Total
8473 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | ||||
| CVE-2016-10048 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2025-04-20 | N/A |
| Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | ||||
| CVE-2015-3297 | 1 Etherpad | 1 Etherpad | 2025-04-20 | N/A |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | ||||
| CVE-2016-6517 | 1 Liferay | 1 Liferay | 2025-04-20 | N/A |
| Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | ||||
| CVE-2017-11348 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2025-04-20 | N/A |
| In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | ||||
| CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | N/A |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | ||||
| CVE-2017-5539 | 1 B2evolution | 1 B2evolution | 2025-04-20 | N/A |
| The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. | ||||
| CVE-2017-1000170 | 1 Jqueryfiletree Project | 1 Jqueryfiletree | 2025-04-20 | 7.5 High |
| jqueryFileTree 2.1.5 and older Directory Traversal | ||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | N/A |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
| CVE-2017-16806 | 1 Ulterius | 1 Ulterius Server | 2025-04-20 | N/A |
| The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | ||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2025-04-20 | N/A |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | ||||
| CVE-2017-5982 | 1 Kodi | 1 Kodi | 2025-04-20 | N/A |
| Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. | ||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | N/A |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | ||||
| CVE-2017-6190 | 1 Dlink | 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 | 2025-04-20 | N/A |
| Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. | ||||
| CVE-2016-10173 | 1 Minitar | 2 Archive-tar-minitar, Minitar | 2025-04-20 | N/A |
| Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. | ||||
| CVE-2017-6821 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2017-7258 | 1 Auromeera | 1 Emli | 2025-04-20 | N/A |
| HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. | ||||
| CVE-2016-10400 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | ||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2025-04-20 | N/A |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | ||||
| CVE-2017-15647 | 1 Fiberhome | 1 Routerfiberhome Firmware | 2025-04-20 | N/A |
| On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | ||||