Vulnerabilities (CVE)

Filtered by CWE-22
Total 7244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6306 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 6.8 MEDIUM 7.8 HIGH
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVE-2017-15893 1 Synology 1 File Station 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-9031 1 Deluge-torrent 1 Deluge 2025-04-20 7.5 HIGH 9.8 CRITICAL
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.
CVE-2016-4320 1 Atlassian 1 Bitbucket 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVE-2017-7974 1 Schneider-electric 1 U.motion Builder 2025-04-20 7.5 HIGH 9.8 CRITICAL
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
CVE-2016-10173 1 Minitar 2 Archive-tar-minitar, Minitar 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
CVE-2017-2163 1 N-i-agroinformatics 1 Soy Cms 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
CVE-2017-2150 1 Booking Calendar Project 1 Booking Calendar 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.
CVE-2016-8211 1 Dell 1 Emc Data Protection Advisor 2025-04-20 5.0 MEDIUM 7.5 HIGH
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2017-5168 1 Hanwha-security 1 Smart Security Manager 2025-04-20 5.1 MEDIUM 7.5 HIGH
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
CVE-2017-8868 1 Flatcore 1 Flatcore-cms 2025-04-20 5.0 MEDIUM 7.5 HIGH
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
CVE-2014-3702 1 Redhat 1 Edeploy 2025-04-20 6.4 MEDIUM 9.1 CRITICAL
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot dot) the session parameter.
CVE-2017-3980 1 Mcafee 1 Epolicy Orchestrator 2025-04-20 6.5 MEDIUM 7.2 HIGH
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
CVE-2017-9829 1 Vivotek 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
CVE-2017-6636 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604.
CVE-2017-10907 1 Spiqe 1 Onethird Cms Show Off 2025-04-20 4.0 MEDIUM 4.3 MEDIUM
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVE-2017-12637 1 Sap 1 Netweaver Application Server Java 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
CVE-2017-15607 1 Inedo 1 Otter 2025-04-20 7.5 HIGH 9.8 CRITICAL
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVE-2016-10400 1 Atutor 1 Atutor 2025-04-20 5.0 MEDIUM 7.5 HIGH
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
CVE-2017-11587 1 Cisco 2 Residential Gateway, Residential Gateway Firmware 2025-04-20 5.0 MEDIUM 7.5 HIGH
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.