Filtered by CWE-22
Total 9381 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-7569 1 Docker2aci Project 1 Docker2aci 2025-04-20 N/A
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
CVE-2016-7825 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
CVE-2016-8205 1 Brocade 1 Network Advisor 2025-04-20 N/A
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVE-2016-8206 1 Brocade 1 Network Advisor 2025-04-20 N/A
A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.
CVE-2016-9351 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2016-4314 1 Wso2 1 Carbon 2025-04-20 N/A
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
CVE-2017-15895 1 Synology 1 Router Manager 2025-04-20 N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-11511 1 Manageengine 1 Servicedesk 2025-04-20 N/A
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
CVE-2017-15309 1 Huawei 1 Ireader 2025-04-20 N/A
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
CVE-2017-2119 1 Wbce 1 Wbce Cms 2025-04-20 N/A
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-2240 2 Apple, Hammock 2 Mac Os X, Assetview 2025-04-20 N/A
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
CVE-2017-5231 1 Rapid7 1 Metasploit 2025-04-20 N/A
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
CVE-2017-6652 1 Cisco 1 Telepresence Ix5000 2025-04-20 N/A
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325.
CVE-2017-8104 1 Mybb 1 Mybb 2025-04-20 N/A
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVE-2017-9846 1 Magicwinmail 1 Winmail Server 2025-04-20 8.8 High
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
CVE-2017-9416 1 Odoo 1 Odoo 2025-04-20 N/A
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.
CVE-2017-15079 1 Wpmudev 1 Smush Image Compression And Optimization 2025-04-20 N/A
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVE-2017-5869 1 Nuxeo 1 Nuxeo 2025-04-20 N/A
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.
CVE-2017-1000115 3 Debian, Mercurial, Redhat 9 Debian Linux, Mercurial, Enterprise Linux and 6 more 2025-04-20 N/A
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-2245 1 Getshortcodes 1 Shortcodes Ultimate 2025-04-20 5.0 Medium
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.