Total
6555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9067 | 2 Modx, Php | 2 Modx Revolution, Php | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | |||||
| CVE-2017-9031 | 1 Deluge-torrent | 1 Deluge | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | |||||
| CVE-2017-9030 | 1 Codextrous | 1 B2j Contact | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files. | |||||
| CVE-2017-9024 | 1 Secure-bytes | 1 Secure Cisco Auditor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | |||||
| CVE-2017-8961 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution. | |||||
| CVE-2017-8947 | 1 Hp | 1 Ucmdb Configuration Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. | |||||
| CVE-2017-8921 | 1 Flightgear | 1 Flightgear | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. | |||||
| CVE-2017-8868 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | |||||
| CVE-2017-8853 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | |||||
| CVE-2017-8841 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | |||||
| CVE-2017-8805 | 1 Debian | 1 Ftpsync | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | |||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | |||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | |||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
| CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | |||||
| CVE-2017-8115 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | |||||
| CVE-2017-8104 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | |||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | |||||
| CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | |||||