Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14695 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | ||||
| CVE-2017-14614 | 1 Gridgain | 1 Gridgain | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | ||||
| CVE-2017-14537 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 6.5 Medium |
| trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. | ||||
| CVE-2017-14514 | 1 Tenda | 2 W15e, W15e Firmware | 2024-11-21 | N/A |
| Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | ||||
| CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | ||||
| CVE-2017-14384 | 1 Dell | 1 Storage Manager | 2024-11-21 | N/A |
| In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | ||||
| CVE-2017-14196 | 1 Squiz | 1 Matrix | 2024-11-21 | N/A |
| An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | ||||
| CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2024-11-21 | 7.5 High |
| unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | ||||
| CVE-2017-13996 | 1 Loytec | 2 Lvis-3me, Lvis-3me Firmware | 2024-11-21 | N/A |
| A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | ||||
| CVE-2017-13985 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2024-11-21 | N/A |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | ||||
| CVE-2017-13982 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2024-11-21 | N/A |
| A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | ||||
| CVE-2017-13780 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-11-21 | N/A |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | ||||
| CVE-2017-12943 | 1 Dlink | 2 Dir-600 B1, Dir-600 B1 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | ||||
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2024-11-21 | N/A |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | ||||
| CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2024-11-21 | N/A |
| Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | ||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2024-11-21 | N/A |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | ||||
| CVE-2017-12694 | 1 Spidercontrol | 1 Scada Web Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | ||||
| CVE-2017-12586 | 1 Slims | 1 Akasia | 2024-11-21 | N/A |
| SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | ||||
| CVE-2017-12560 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | ||||
| CVE-2017-12559 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found. | ||||