Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8841 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2024-11-21 | N/A |
| Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | ||||
| CVE-2017-8805 | 1 Debian | 1 Ftpsync | 2024-11-21 | N/A |
| Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | ||||
| CVE-2017-8314 | 2 Debian, Kodi | 2 Debian Linux, Kodi | 2024-11-21 | N/A |
| Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | ||||
| CVE-2017-8297 | 1 Simple-file-manager Project | 1 Simple-file-manager | 2024-11-21 | N/A |
| A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | ||||
| CVE-2017-8283 | 1 Debian | 1 Dpkg | 2024-11-21 | N/A |
| dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | ||||
| CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | ||||
| CVE-2017-8115 | 1 Modx | 1 Modx Revolution | 2024-11-21 | N/A |
| Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. | ||||
| CVE-2017-8104 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. | ||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-11-21 | 7.8 High |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | ||||
| CVE-2017-8007 | 1 Dell | 4 Emc M\&r, Emc Storage Monitoring And Reporting, Emc Vipr Srm and 1 more | 2024-11-21 | 8.8 High |
| In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | ||||
| CVE-2017-8003 | 1 Emc | 1 Data Protection Advisor | 2024-11-21 | N/A |
| EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. | ||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | N/A |
| A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | ||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | ||||
| CVE-2017-7693 | 1 Riverbed | 1 Opnet App Response Xpert | 2024-11-21 | N/A |
| Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | ||||
| CVE-2017-7675 | 1 Apache | 1 Tomcat | 2024-11-21 | N/A |
| The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. | ||||
| CVE-2017-7577 | 1 Xiongmaitech | 1 Uc-httpd | 2024-11-21 | N/A |
| XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | ||||
| CVE-2017-7565 | 1 Splunk | 1 Hadoop Connect | 2024-11-21 | N/A |
| Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. | ||||
| CVE-2017-7462 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2024-11-21 | N/A |
| Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | ||||
| CVE-2017-7461 | 1 Intellinet-network | 2 Nfc-30ir, Nfc-30ir Firmware | 2024-11-21 | N/A |
| Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization. | ||||
| CVE-2017-7442 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | N/A |
| Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences. | ||||