Search Results (8230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9983 1 Rarlab 1 Rar 2025-04-20 N/A
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
CVE-2015-1395 3 Canonical, Fedoraproject, Gnu 3 Ubuntu Linux, Fedora, Patch 2025-04-20 N/A
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVE-2015-0269 1 Contao 1 Contao Cms 2025-04-20 N/A
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
CVE-2014-5301 1 Manageengine 4 Assetexplorer, It360, Servicedesk Plus and 1 more 2025-04-20 N/A
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVE-2017-1000002 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.
CVE-2017-1000026 1 Progress 1 Mixlib-archive 2025-04-20 7.5 High
Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries
CVE-2017-7974 1 Schneider-electric 1 U.motion Builder 2025-04-20 N/A
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
CVE-2017-10861 1 Qualitysoft 1 Qnd Advance\/standard 2025-04-20 N/A
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
CVE-2016-9164 1 Ca 1 Unified Infrastructure Management 2025-04-20 N/A
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-4980 1 Emc 1 Isilon Onefs 2025-04-20 N/A
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
CVE-2015-1847 1 Appserver 1 Appserver 2025-04-20 N/A
Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.
CVE-2015-1876 1 Estrongs 1 Es File Explorer 2025-04-20 N/A
Directory traversal vulnerability in ES File Explorer 3.2.4.1.
CVE-2017-3163 2 Apache, Redhat 2 Solr, Jboss Enterprise Application Platform 2025-04-20 N/A
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
CVE-2015-4180 1 Phpmybackuppro 1 Phpmybackuppro 2025-04-20 N/A
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.
CVE-2015-4181 1 Phpmybackuppro 1 Phpmybackuppro 2025-04-20 N/A
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
CVE-2015-5248 1 Redhat 1 Feedhenry Enterprise Mobile Application Platform 2025-04-20 N/A
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
CVE-2017-11511 1 Manageengine 1 Servicedesk 2025-04-20 N/A
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
CVE-2016-10400 1 Atutor 1 Atutor 2025-04-20 N/A
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
CVE-2017-11587 1 Cisco 2 Residential Gateway, Residential Gateway Firmware 2025-04-20 N/A
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.
CVE-2017-5899 1 S-nail Project 1 S-nail 2025-04-20 N/A
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.