Total
8047 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2025-04-20 | N/A |
| Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | ||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | ||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | N/A |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | ||||
| CVE-2017-11511 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | N/A |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
| CVE-2017-11512 | 1 Manageengine | 1 Servicedesk | 2025-04-20 | N/A |
| The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | ||||
| CVE-2017-11500 | 1 Metinfo | 1 Metinfo | 2025-04-20 | 7.5 High |
| A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | ||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | N/A |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | ||||
| CVE-2017-11456 | 1 Geneko | 8 Gwr202 Gprs Router, Gwr202 Gprs Router Firmware, Gwr252 Edge Router and 5 more | 2025-04-20 | N/A |
| Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | ||||
| CVE-2017-11440 | 1 Sitecore | 1 Cms | 2025-04-20 | N/A |
| In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | ||||
| CVE-2017-11389 | 1 Trendmicro | 1 Control Manager | 2025-04-20 | N/A |
| Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684. | ||||
| CVE-2017-11152 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. | ||||
| CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2025-04-20 | N/A |
| Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | ||||
| CVE-2017-10933 | 1 Zte | 2 Zxdt22 Sf01, Zxdt22 Sf01 Firmware | 2025-04-20 | N/A |
| All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | ||||
| CVE-2017-10931 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2025-04-20 | 7.5 High |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | ||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2025-04-20 | N/A |
| Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-10861 | 1 Qualitysoft | 1 Qnd Advance\/standard | 2025-04-20 | N/A |
| Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | ||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-20 | N/A |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2025-04-20 | N/A |
| Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-5982 | 1 Kodi | 1 Kodi | 2025-04-20 | N/A |
| Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd. | ||||