Total: 7067 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-20102 | 1 Album Lock Project | 1 Album Lock | 2024-11-21 | 4.4 Medium |
A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
CVE-2017-1749 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A |
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. | ||||
CVE-2017-1723 | 1 Ibm | 3 Qradar Incident Forensics, Qradar Network Insights, Qradar Security Information And Event Manager | 2024-11-21 | N/A |
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812. | ||||
CVE-2017-1671 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638. | ||||
CVE-2017-1577 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | N/A |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | ||||
CVE-2017-1548 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | N/A |
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | ||||
CVE-2017-1279 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757. | ||||
CVE-2017-1087 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. | ||||
CVE-2017-18912 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. | ||||
CVE-2017-18874 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. | ||||
CVE-2017-18824 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-11-21 | 3.3 Low |
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | ||||
CVE-2017-18636 | 1 Esafenet | 1 Cdg | 2024-11-21 | 7.5 High |
CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal. | ||||
CVE-2017-18586 | 1 Insert Pages Project | 1 Insert Pages | 2024-11-21 | N/A |
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. | ||||
CVE-2017-18585 | 1 Ivycat | 1 Posts In Page | 2024-11-21 | N/A |
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal. | ||||
CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | ||||
CVE-2017-18354 | 1 Google | 1 Rendertron | 2024-11-21 | N/A |
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. | ||||
CVE-2017-18263 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2024-11-21 | N/A |
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | ||||
CVE-2017-18196 | 1 Leptonica | 1 Leptonica | 2024-11-21 | N/A |
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. | ||||
CVE-2017-18038 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | N/A |
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | ||||
CVE-2017-18037 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | N/A |
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag. |