Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-8352

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Aug, 2017 | 21:00
Updated At-06 Aug, 2024 | 08:13
Rejected At-
Credits

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Aug, 2017 | 21:00
Updated At:06 Aug, 2024 | 08:13
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.htbridge.com/advisory/HTB23282
x_refsource_MISC
https://www.exploit-db.com/exploits/39017/
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/537129/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
x_refsource_CONFIRM
Hyperlink: https://www.htbridge.com/advisory/HTB23282
Resource:
x_refsource_MISC
Hyperlink: https://www.exploit-db.com/exploits/39017/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/archive/1/537129/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.htbridge.com/advisory/HTB23282
x_refsource_MISC
x_transferred
https://www.exploit-db.com/exploits/39017/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/archive/1/537129/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.htbridge.com/advisory/HTB23282
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/39017/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/537129/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Aug, 2017 | 21:29
Updated At:20 Apr, 2025 | 01:37

Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

zen-cart
zen-cart
>>zen_cart>>1.5.4
cpe:2.3:a:zen-cart:zen_cart:1.5.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/archive/1/537129/100/0/threadedcve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39017/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.htbridge.com/advisory/HTB23282cve@mitre.org
Exploit
Patch
Technical Description
Third Party Advisory
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015cve@mitre.org
Patch
Release Notes
Vendor Advisory
http://www.securityfocus.com/archive/1/537129/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39017/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.htbridge.com/advisory/HTB23282af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Technical Description
Third Party Advisory
https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015af854a3a-2127-422b-91ae-364da2661108
Patch
Release Notes
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/537129/100/0/threaded
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/39017/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.htbridge.com/advisory/HTB23282
Source: cve@mitre.org
Resource:
Exploit
Patch
Technical Description
Third Party Advisory
Hyperlink: https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
Source: cve@mitre.org
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/537129/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/39017/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.htbridge.com/advisory/HTB23282
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Technical Description
Third Party Advisory
Hyperlink: https://www.zen-cart.com/showthread.php?218914-Security-Patches-for-v1-5-4-November-2015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

216Records found

CVE-2017-6821
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.24% / 89.59%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aSynacor, Inc.
Product-zimbra_collaboration_suiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.82% / 73.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 10:12
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-46783
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 29.21%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 08:18
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.

Action-Not Available
Vendor-Ricoh Company, Ltd.
Product-RICOH Streamline NX V3 PC Client
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-12815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.52% / 65.86%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.

Action-Not Available
Vendor-bomgarn/a
Product-remote_supportn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-40498
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-87.83% / 99.44%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-18 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability

LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925.

Action-Not Available
Vendor-LG Electronics Inc.
Product-Simple Editorsimple_editor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-11389
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.67% / 91.54%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-control_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-0405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.26% / 78.59%
||
7 Day CHG~0.00%
Published-28 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

Action-Not Available
Vendor-hfsn/a
Product-http_file_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4135
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.61% / 92.99%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.

Action-Not Available
Vendor-flexerasoftwaren/a
Product-flexnet_publishern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-2653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-83.20% / 99.22%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.

Action-Not Available
Vendor-n/aNovell
Product-zenworks_asset_managementn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-38197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.32%
||
7 Day CHG~0.00%
Published-08 Aug, 2021 | 15:18
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.

Action-Not Available
Vendor-go-unarr_projectn/a
Product-go-unarrn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-6453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.15% / 94.11%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.

Action-Not Available
Vendor-raiden_professional_serversn/a
Product-raidenhttpdn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-32165
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-34.96% / 96.89%
||
7 Day CHG+1.46%
Published-03 May, 2024 | 01:56
Updated-07 Aug, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability

D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TftpReceiveFileHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19497.

Action-Not Available
Vendor-D-Link Corporation
Product-d-view_8D-Viewd-view
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-5815
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.72% / 90.08%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 18:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-ssl_vpn_200ssl_vpn2000\/4000n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4983
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-18.26% / 94.96%
||
7 Day CHG~0.00%
Published-19 Sep, 2007 | 19:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.

Action-Not Available
Vendor-cowon_american/a
Product-jetaudion/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-5364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.37% / 57.93%
||
7 Day CHG~0.00%
Published-11 Oct, 2007 | 01:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php

Action-Not Available
Vendor-viartn/a
Product-shopping_cartn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-5007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-51.61% / 97.81%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 21:59
Updated-06 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centralmanageengine_desktop_central_managed_service_providersn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.35% / 92.45%
||
7 Day CHG~0.00%
Published-19 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-mw6_technologiesn/a
Product-qrcode_activexn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-5005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.65% / 87.41%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brightstor_arcserve_backup_laptops_desktopsdesktop_management_suiteprotection_suitesn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-12791
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.38% / 79.54%
||
7 Day CHG~0.00%
Published-23 Aug, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.

Action-Not Available
Vendor-saltstackn/a
Product-saltn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1000002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.12% / 83.43%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure.

Action-Not Available
Vendor-atutorn/a
Product-atutorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1000501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.92% / 90.27%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 15:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

Action-Not Available
Vendor-awstatsn/aDebian GNU/Linux
Product-awstatsdebian_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2006-5487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.70% / 81.53%
||
7 Day CHG~0.00%
Published-10 Nov, 2006 | 22:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

Action-Not Available
Vendor-marshaln/a
Product-mailmarshal_smtpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.32% / 95.31%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.

Action-Not Available
Vendor-n/aSAP SE
Product-trexn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-9642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 82.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 16:15
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/PoC.php request. This is related to plugins/action.share/src/Store/ShareStore.php.

Action-Not Available
Vendor-pydion/a
Product-pydion/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-9618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-80.82% / 99.11%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 21:32
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the "cfg" parameter.

Action-Not Available
Vendor-gracemedia_media_player_projectn/a
Product-gracemedia_media_playern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-9960
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-70.08% / 98.61%
||
7 Day CHG~0.00%
Published-24 Mar, 2019 | 00:27
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

Action-Not Available
Vendor-limesurveyn/a
Product-limesurveyn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-19328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.67%
||
7 Day CHG~0.00%
Published-17 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal.

Action-Not Available
Vendor-laobancmsn/a
Product-laobancmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2004-0847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-64.44% / 98.38%
||
7 Day CHG~0.00%
Published-06 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-asp.netn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-16858
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-92.58% / 99.73%
||
7 Day CHG+0.20%
Published-25 Mar, 2019 | 17:43
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Action-Not Available
Vendor-libreoffice[UNKNOWN]
Product-libreofficelibreoffice
CWE ID-CWE-356
Product UI does not Warn User of Unsafe Actions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-8204
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-71.34% / 98.66%
||
7 Day CHG~0.00%
Published-14 Jan, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-brocade_network_advisorBrocade Network Advisor versions released prior to and including 14.0.2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-8385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.68% / 93.02%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 18:35
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.

Action-Not Available
Vendor-thomsonreutersn/a
Product-concourse_matter_roomfirm_central_desktopn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-8205
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-9.8||CRITICAL
EPSS-24.06% / 95.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.

Action-Not Available
Vendor-n/aBrocade Communications Systems, Inc. (Broadcom Inc.)
Product-network_advisorBrocade Network Advisor versions released prior to and including 14.0.2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-1620
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-85.60% / 99.33%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 03:05
Updated-19 Nov, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-264
Not Available
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.02% / 92.29%
||
7 Day CHG~0.00%
Published-06 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.

Action-Not Available
Vendor-attachmaten/a
Product-reflection_ftp_clientn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-14364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-39.28% / 97.19%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-8395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.19% / 93.58%
||
7 Day CHG~0.00%
Published-17 Feb, 2019 | 04:00
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-9106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-31 May, 2019 | 21:22
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.

Action-Not Available
Vendor-saetn/a
Product-tebe_smalltebe_small_firmwarewebappn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.69% / 90.86%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 17:47
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7106
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.65% / 96.26%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:43
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.
Product-xdmac_os_xAdobe XD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-8074
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.73% / 91.58%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 15:20
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionCold Fusion
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 80.41%
||
7 Day CHG~0.00%
Published-29 Jan, 2019 | 16:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.

Action-Not Available
Vendor-idreamsoftn/a
Product-icmsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-6714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.25% / 95.87%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 17:40
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.

Action-Not Available
Vendor-blogenginen/a
Product-blogengine.netn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7105
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.65% / 96.26%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 15:42
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.
Product-xdmac_os_xAdobe XD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-5356
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-19.72% / 95.22%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 14:39
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-7552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.98% / 99.77%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-threat_discovery_appliancen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-6652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.26% / 83.96%
||
7 Day CHG~0.00%
Published-13 May, 2019 | 13:28
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.

Action-Not Available
Vendor-page_flip_book_projectn/a
Product-page_flip_bookn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3396
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-9.8||CRITICAL
EPSS-94.47% / 100.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:37
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Action-Not Available
Vendor-Atlassian
Product-confluence_serverConfluence ServerConfluence Server and Data Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-4959
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-73.92% / 98.77%
||
7 Day CHG~0.00%
Published-18 Nov, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.

Action-Not Available
Vendor-n/aNovell
Product-file_reportern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7678
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.07%
||
7 Day CHG~0.00%
Published-09 Feb, 2019 | 22:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.

Action-Not Available
Vendor-enphasen/a
Product-envoyn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-1785
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.00% / 82.92%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 19:05
Updated-19 Nov, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Clam AntiVirus RAR Directory Traversal Vulnerability

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Action-Not Available
Vendor-ClamAVCisco Systems, Inc.
Product-clamavClamAV
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found