Filtered by CWE-22
Total 9381 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-10184 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
CVE-2016-10183 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 7.5 High
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal.
CVE-2015-7780 1 Zohocorp 1 Manageengine Firewall Analyzer 2025-04-20 N/A
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
CVE-2016-6126 1 Ibm 1 Kenexa Lms On Cloud 2025-04-20 N/A
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2017-8314 2 Debian, Kodi 2 Debian Linux, Kodi 2025-04-20 N/A
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVE-2017-15359 1 3cx 1 3cx 2025-04-20 N/A
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
CVE-2016-6269 1 Trendmicro 1 Smart Protection Server 2025-04-20 9.1 Critical
Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php.
CVE-2017-1000028 1 Oracle 1 Glassfish Server 2025-04-20 N/A
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
CVE-2017-10933 1 Zte 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware 2025-04-20 N/A
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
CVE-2017-7693 1 Riverbed 1 Opnet App Response Xpert 2025-04-20 N/A
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
CVE-2017-7358 2 Canonical, Lightdm Project 2 Ubuntu Linux, Lightdm 2025-04-20 N/A
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
CVE-2017-3980 1 Mcafee 1 Epolicy Orchestrator 2025-04-20 N/A
A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.
CVE-2017-9833 1 Boa 1 Boa 2025-04-20 7.5 High
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.
CVE-2017-7424 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-14196 1 Squiz 1 Matrix 2025-04-20 N/A
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
CVE-2017-6652 1 Cisco 1 Telepresence Ix5000 2025-04-20 N/A
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325.
CVE-2017-5163 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2025-04-20 N/A
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
CVE-2017-10993 1 Contao 1 Contao Cms 2025-04-20 N/A
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
CVE-2017-2150 1 Booking Calendar Project 1 Booking Calendar 2025-04-20 N/A
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.
CVE-2017-17715 1 Telegram 1 Telegram Messenger 2025-04-20 N/A
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.