Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2706 1 Huawei 2 Mate 9, Mate 9 Firmware 2025-04-20 N/A
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.
CVE-2017-2829 1 Foscam 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware 2025-04-20 6.5 Medium
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
CVE-2017-3163 2 Apache, Redhat 2 Solr, Jboss Enterprise Application Platform 2025-04-20 N/A
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.
CVE-2017-6190 1 Dlink 3 Dwr-116, Dwr-116 Firmware, Dwr-116a1 2025-04-20 N/A
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVE-2017-8104 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2017-6306 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 N/A
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVE-2017-6681 1 Cisco 1 Ultra Services Framework 2025-04-20 N/A
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.
CVE-2017-6704 1 Cisco 1 Prime Collaboration Provisioning 2025-04-20 N/A
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1.
CVE-2017-6758 1 Cisco 1 Unified Communications Manager 2025-04-20 N/A
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.
CVE-2017-6805 1 Mobatek 1 Mobaxterm 2025-04-20 N/A
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CVE-2017-6821 1 Synacor 1 Zimbra Collaboration Suite 2025-04-20 N/A
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
CVE-2015-0269 1 Contao 1 Contao Cms 2025-04-20 N/A
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
CVE-2017-7240 1 Miele Professional 2 Pg 8528, Pst10 Webserver 2025-04-20 N/A
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.
CVE-2017-1000115 3 Debian, Mercurial, Redhat 9 Debian Linux, Mercurial, Enterprise Linux and 6 more 2025-04-20 N/A
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-1000170 1 Jqueryfiletree Project 1 Jqueryfiletree 2025-04-20 7.5 High
jqueryFileTree 2.1.5 and older Directory Traversal
CVE-2017-10665 1 Phpgrid 1 Phpgrid 2025-04-20 N/A
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name.
CVE-2017-10708 1 Apport Project 1 Apport 2025-04-20 N/A
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
CVE-2017-10993 1 Contao 1 Contao Cms 2025-04-20 N/A
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
CVE-2017-11152 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
CVE-2017-11162 1 Synology 1 Photo Station 2025-04-20 N/A
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.