Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4835 1 Homeseer 1 Homeseer Hs2 2025-04-11 N/A
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2010-4148 1 Anyconnect 1 Anyconnect 2025-04-11 N/A
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
CVE-2010-3100 1 Portaplus 1 Porta\+ Ftp Client 2025-04-11 N/A
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
CVE-2009-4952 2 Serge Gebhardt, Typo3 2 Dir Listing, Typo3 2025-04-11 N/A
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2010-4801 1 Baconmap 1 Baconmap 2025-04-11 N/A
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
CVE-2010-3743 1 Rene Tegel 1 Visual Synapse 2025-04-11 N/A
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2012-0186 1 Ibm 1 Lotus Expeditor 2025-04-11 N/A
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL.
CVE-2012-0987 1 Impresscms 1 Impresscms 2025-04-11 N/A
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
CVE-2011-1586 2 Kde, Redhat 2 Kde Sc, Enterprise Linux 2025-04-11 N/A
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
CVE-2010-2456 1 Codelib 1 Linker Img 2025-04-11 N/A
Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate.
CVE-2011-0405 1 Phpgedview 1 Phpgedview 2025-04-11 N/A
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.
CVE-2022-4779 1 Elvexys 1 Streamx 2025-04-10 7.5 High
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.
CVE-2024-3195 1 Mailcleaner 1 Mailcleaner 2025-04-10 4.7 Medium
A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311.
CVE-2024-39903 1 Widgetti 1 Solara 2025-04-10 8.6 High
Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.
CVE-2024-27776 2 Canonical, Milesight 2 Ubuntu Linux, Devicehub 2025-04-10 9.8 Critical
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
CVE-2024-3783 1 Whitebearsolutions 1 Wbsairback 2025-04-10 7.7 High
The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system.
CVE-2024-51966 1 Esri 1 Arcgis Server 2025-04-10 4.9 Medium
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.
CVE-2024-51958 1 Esri 1 Arcgis Server 2025-04-10 4.9 Medium
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory.  There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.
CVE-2024-27921 1 Getgrav 1 Grav 2025-04-10 8.8 High
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.
CVE-2022-46178 1 Metersphere 1 Metersphere 2025-04-10 7.4 High
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds.