Filtered by CWE-22
Total 9382 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-5325 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2025-04-20 7.5 High
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
CVE-2017-9067 2 Modx, Php 2 Modx Revolution, Php 2025-04-20 N/A
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
CVE-2017-15276 1 Opentext 1 Documentum Content Server 2025-04-20 N/A
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
CVE-2017-10665 1 Phpgrid 1 Phpgrid 2025-04-20 N/A
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name.
CVE-2017-0901 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2025-04-20 N/A
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-11630 1 Fiyo 1 Fiyo Cms 2025-04-20 N/A
dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.
CVE-2017-11500 1 Metinfo 1 Metinfo 2025-04-20 7.5 High
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
CVE-2017-10841 1 Webcalendar Project 1 Webcalendar 2025-04-20 N/A
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-10834 1 Nippon-antenna 2 Scr02hd, Scr02hd Firmware 2025-04-20 N/A
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
CVE-2017-11469 1 Idera 1 Uptime Infrastructure Monitor 2025-04-20 N/A
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVE-2017-15607 1 Inedo 1 Otter 2025-04-20 N/A
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVE-2017-15805 1 Cisco 4 Small Business Sa520, Small Business Sa520 Firmware, Small Business Sa540 and 1 more 2025-04-20 N/A
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
CVE-2017-15895 1 Synology 1 Router Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-10940 1 Joyent 1 Triton Datacenter 2025-04-20 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
CVE-2017-1000115 3 Debian, Mercurial, Redhat 9 Debian Linux, Mercurial, Enterprise Linux and 6 more 2025-04-20 N/A
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-16759 1 Librenms 1 Librenms 2025-04-20 N/A
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVE-2016-5725 3 Jcraft, Microsoft, Redhat 4 Jsch, Windows, Jboss Amq and 1 more 2025-04-20 N/A
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVE-2016-9339 1 Macgregor 2 Interschalt Vdr G4e, Interschalt Vdr G4e Firmware 2025-04-20 5.3 Medium
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.
CVE-2017-16762 1 Sanic Project 1 Sanic 2025-04-20 N/A
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
CVE-2015-5248 1 Redhat 1 Feedhenry Enterprise Mobile Application Platform 2025-04-20 N/A
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.