Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9141 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17042 | 1 Yardoc | 1 Yard | 2025-04-20 | N/A |
| lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. | ||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2025-04-20 | 7.5 High |
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | ||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2025-04-20 | 9.8 Critical |
| vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | ||||
| CVE-2017-17715 | 1 Telegram | 1 Telegram Messenger | 2025-04-20 | N/A |
| The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | ||||
| CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2025-04-20 | N/A |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | ||||
| CVE-2017-17924 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | ||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2025-04-20 | N/A |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | ||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | N/A |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | ||||
| CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-04-20 | 5.0 Medium |
| Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | ||||
| CVE-2017-5480 | 1 B2evolution | 1 B2evolution | 2025-04-20 | N/A |
| Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. | ||||
| CVE-2017-5539 | 1 B2evolution | 1 B2evolution | 2025-04-20 | N/A |
| The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists. | ||||
| CVE-2017-5541 | 1 Getsymphony | 1 Symphony | 2025-04-20 | N/A |
| Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters. | ||||
| CVE-2017-6190 | 1 Dlink | 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 | 2025-04-20 | N/A |
| Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request. | ||||
| CVE-2017-8104 | 1 Mybb | 1 Mybb | 2025-04-20 | N/A |
| In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | ||||
| CVE-2017-6306 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." | ||||
| CVE-2017-6758 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | N/A |
| A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796. | ||||
| CVE-2017-6805 | 1 Mobatek | 1 Mobaxterm | 2025-04-20 | N/A |
| Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | ||||
| CVE-2017-6821 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2025-04-20 | N/A |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | ||||