CWE:
 

Topic
Date
Author
Med.
WordPress WooCommerce 2.0 / 3.0 Directory Traversal
01.12.2017
Fu2x200
Med.
Android Gmail < 7.11.5.176568039 Directory Traversal in Attachment Download
28.11.2017
Google
Med.
Ulterius Server < 1.9.5.0 Directory Traversal
15.11.2017
Rick Osgood
Med.
3CX Phone System 15.5.3554.1 Directory Traversal
18.10.2017
Jens Regel
Med.
WordPress Smush Image 2.7.4.1 Directory Traversal
05.10.2017
Ricardo Sanchez
Med.
Cloudview NMS 2.00b Writable Directory Traversal Execution
17.09.2017
james fitts
Med.
Carlo Gavazzi Powersoft 2.1.1.1 Directory Traversal
15.09.2017
james fitts
Med.
Indusoft Web Studio - Directory Traversal Information Disclosure
14.09.2017
james fitts
Med.
Huawei HG255s Directory Traversal
08.09.2017
Ahmet Mersin
High
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
23.08.2017
Gjoko 'LiquidWorm' Krs...
Low
Cisco DDR2200 / 2201v1 Insecure Direct Object Reference / Path Traversal
17.07.2017
Matheus Bernardes
Med.
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
11.07.2017
Gjoko 'LiquidWorm' Krs...
Med.
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
29.06.2017
CORE
Med.
WordPress Photo Gallery 1.3.34 / 1.3.42 Path Traversal
21.06.2017
Tom Adams
Med.
Home FTP Server 1.14.0 Build 176 Directory Traversal
31.05.2017
Sultan Albalawi
Med.
Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
20.04.2017
Steven Seeley
Med.
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
13.04.2017
keksec
Med.
MyBB <1.8.11 Directory Traversal
12.04.2017
Zhiyang Zeng
Med.
Miele Professional PG 8528 Directory Traversal
25.03.2017
Jens Regel
Med.
OpenSSH On Cygwin SFTP Client Directory Traversal
22.03.2017
jannh
Med.
HttpServer 1.0 Directory Traversal
20.03.2017
malwrforensics
High
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
11.03.2017
Nicholas von Pechmann
Med.
Joomla Akeeba Backup 5.2.5 Directory Traversal
08.03.2017
Persian Hack Team
High
Ettercap 0.8.2 Etterfilter Out-Of-Bounds Read
06.03.2017
AromalUllas
Med.
Simplessus Files 3.7.7 Path Traversal
19.02.2017
Dr. Adrian Vollmer
High
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Remote Root
18.02.2017
Matt Bergin (@thatguyl...
Med.
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write
18.02.2017
Matt Bergin
Med.
Coppermine Gallery 1.5.44 Directory Traversal
16.02.2017
Hacker Fantastic
Med.
Horos 2.1.0 Web Portal Remote Information Disclosure / Directory Traversal
18.12.2016
Gjoko 'LiquidWorm' Krs...
Med.
Shuttle Tech ADSL Wireless 920 WM XSS / Directory Traversal
06.12.2016
Persian Hack Team
High
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
04.12.2016
David Jorm
Low
Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal
29.11.2016
TaurusOmar
High
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
23.11.2016
Zach Lanier
Low
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
22.11.2016
RCE
Med.
SAP NetWeaver AS ABAP 7.4 Directory Traversal
19.11.2016
Daria Prosochkina
Med.
Oracle Netbeans IDE 8.1 Directory Traversal
21.10.2016
hyp3rlinx
Low
SPIP 3.1.2 File Enumeration / Path Traversal
20.10.2016
Nicolas CHATELAIN
Med.
Kajona 4.7 Cross Site Scripting / Directory Traversal
17.09.2016
Tim Coen
Med.
E-Cidade 2.3.52 Directory Traversal
28.08.2016
vesp3r
Med.
WordPress 4.5.3 Core Ajax Handlers Path Traversal
22.08.2016
sumofpwn
Med.
Lepton CMS 2.2.0 / 2.2.1 Directory Traversal
17.08.2016
hyp3rlinx
Low
WebNMS Framework 5.2 SP1 Traversal / Weak Obfuscation / User Impersonation
10.08.2016
agileinfosec
Med.
PHP Power Browse 1.2 Path Traversal
06.08.2016
Manuel Mancera
Med.
Atutor 2.2.1 Path Traversal
04.08.2016
High-Tech Bridge Secur...
Med.
Avaya VOSS 4.1.0.0 SPB Traffic Traversal
28.07.2016
Dragan
Med.
PHP File Vault 0.9 Directory Traversal / File Read
26.07.2016
N_A
Med.
SAP NetWeaver AS JAVA 7.5 Directory Traversal
18.06.2016
Vahagn Vardanyan
Med.
jbFileManager Path Traversal
17.06.2016
HaHwul
Med.
Gemalto Sentinel License Manager 18.0.1 Directory Traversal
17.06.2016
Gjoko 'LiquidWorm' Krs...
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
OXID eShop Path Traversal Vulnerability
05.05.2016
LSE
Med.
OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation
04.05.2016
Tim Herres
High
Ovidentia Troubletickets 7.6 Remote File Inclusion
13.04.2016
bd0rk
Med.
DotCMS 3.5 Beta Directory Traversal
12.04.2016
Piaox From Pingan Prod...
Med.
Apache OpenMeetings 3.1.0 Path Traversal
31.03.2016
Andreas Lindh
High
ATutor 2.2.1 Directory Traversal / Remote Code Execution
30.03.2016
mr_me
Med.
WordPress eBook Download 1.1 Directory Traversal
22.03.2016
Wadeek
Med.
WordPress Import CSV 1.1 Directory Traversal
22.03.2016
Wadeek
Med.
Apache Tomcat 8.0.26 Limited Directory Traversal
23.02.2016
Apache Tomcat security...
High
SIMOGEO FileManager 2.3.0 Path Traversal
12.02.2016
HaHwul
High
File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal
12.02.2016
Jerold Hoong
High
D-Link DVG-N5402SP Path Traversal / Information Disclosure
05.02.2016
Karn Ganeshen
Med.
Roundcube 1.1.3 Path Traversal
15.01.2016
High-Tech Bridge Secur...
Med.
PFSense 2.2.5 Directory Traversal
19.12.2015
R-73eN
High
Ovidentia absences 2.64 Remote File Inclusion
16.12.2015
bd0rk
High
Ovidentia bulletindoc 2.9 Remote File Inclusion
16.12.2015
bd0rk
Med.
Polycom VVX-Series Path Traversal
15.12.2015
Jake Reynolds
Med.
4images 1.7.11 Path Traversal
14.12.2015
Tim Coen
Med.
bitrix.scan Bitrix 1.0.3 Path Traversal
11.12.2015
High-Tech Bridge Secur...
High
YesWiki 1 / 2 File Upload / Directory Traversal
09.12.2015
indoushka
High
WordPress Squirrel Theme 1.6.4 Remote File Inclusion
09.12.2015
indoushka
Med.
Awesome Media Gallery 1.0 Directory Traversal
08.12.2015
indoushka
High
WordPress Gwolle Guestbook 1.5.3 Remote File Inclusion
03.12.2015
High-Tech Bridge Secur...
Low
XCart 5.2.6 Path Traversal
17.11.2015
Curesec
High
D-Link DIR-825 Buffer Overflow / Directory Traversal
17.11.2015
Samuel Huntley
High
AlegroCart 1.2.8 Local / Remote File Inclusion
16.11.2015
Curesec
Med.
ClipperCMS 1.3.0 Path Traversal
16.11.2015
Curesec
Med.
YESWIKI 0.2 Path Traversal
11.11.2015
HaHwul
Med.
Pligg CMS 2.0.2 Directory Traversal
31.10.2015
Tim Coen
Med.
Belkin Router N150 Path Traversal
20.10.2015
Rahul Pratap Singh
Med.
ElasticSearch Snapshot API Directory Traversal
16.10.2015
Multiple
Med.
F5 BigIP 10.2.4 Build 595.0 HF3 Path Traversal
13.10.2015
Karn Ganeshen
High
WordPress Font 7.5 Path Traversal
13.10.2015
David Moore
Med.
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
06.10.2015
Ibéria Medeiros
Med.
RSA OneStep 6.9 Path Traversal
30.09.2015
RSA Customer Support
High
Kirby CMS 2.1.0 Authentication Bypass / Traversal
18.09.2015
Dawid Golunski
High
Openfire 3.10.2 Remote File Inclusion
15.09.2015
hyp3rlinx
Med.
Elasticsearch 1.6.0 Directory Traversal
17.07.2015
Benjamin Smith
Med.
Pimcore CMS Build 3450 Directory Traversal
15.07.2015
Josh Foote
High
AjaxControlToolkit File Upload Directory Traversal
15.07.2015
Brian Cardinale
Med.
Simple Online Planning Tool 1.3.2 XSS / SQL Injection / Traversal
13.07.2015
Huy-Ngoc DAU
Med.
ZenPhoto 1.4.8 XSS / SQL Injection / Traversal
13.07.2015
Tim Coen
Low
Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal
27.06.2015
SEC
Med.
EMC Documentum Thumbnail Server Directory Traversal
24.06.2015
EMC
High
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
20.06.2015
Vulnerability Lab
Med.
Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure
19.06.2015
indoushka
High
Audio Share 2.0.2 Cross Site Scripting / Remote File Inclusion
18.06.2015
indoushka
Med.
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
10.06.2015
High-Tech Bridge Secur...
Med.
Logstash 1.4.2 Directory Traversal
10.06.2015
Colin Coghill
Low
SQLBuddy 1.3.3 Path Traversal
15.05.2015
John Page


CVEMAP Search Results

CVE
Details
Description
2017-12-01
Medium
CVE-2017-15607

Updating...
 

 
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

 
2017-11-29
Medium
CVE-2017-17058

Vendor: Automattic
Software: Woocommerce
 

 
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.

 
Medium
CVE-2017-14196

Vendor: Squiz
Software: Matrix
 

 
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.

 
2017-11-27
Low
CVE-2017-16959

Vendor: Tp-link
Software: Tl-er3210g f...
 

 
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.

 
2017-11-24
Low
CVE-2017-16936

Vendor: Tenda
Software: Ac15 firmware
 

 
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.

 
2017-11-22
Medium
CVE-2017-2693

Vendor: Huawei
Software: G8 firmware
 

 
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.

 
Low
CVE-2017-2695

Vendor: Huawei
Software: Tit-al00 fir...
 

 
TIT-AL00C583B211 has a directory traversal vulnerability which allows an attacker to obtain the files in email application.

 
Medium
CVE-2017-2706

Vendor: Huawei
Software: Mate 9 firmware
 

 
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.

 
Low
CVE-2017-8189

Vendor: Huawei
Software: Fusionsphere...
 

 
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.

 
2017-11-20
Medium
CVE-2017-16903

Vendor: Lvyecms project
Software: Lvyecms
 

 
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top