Total
7551 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4149 | 1 Freshwebmaster | 1 Fresh Ftp | 2025-04-11 | N/A |
| Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3606 | 1 Netartmedia | 1 Real Estate Portal | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. | ||||
| CVE-2010-4148 | 1 Anyconnect | 1 Anyconnect | 2025-04-11 | N/A |
| Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. | ||||
| CVE-2010-3930 | 1 Modxcms | 1 Evolution | 2025-04-11 | N/A |
| Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. | ||||
| CVE-2010-1956 | 2 Joomla, Thefactory | 2 Joomla\!, Com Gadgetfactory | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3910 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. | ||||
| CVE-2010-1980 | 2 Joomla, Roberto Aloi | 2 Joomla\!, Com Joomlaflickr | 2025-04-11 | N/A |
| Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2010-0999 | 1 Freedownloadmanager | 1 Free Download Manager | 2025-04-11 | N/A |
| Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | ||||
| CVE-2010-3842 | 1 Curl | 1 Curl | 2025-04-11 | N/A |
| Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header. | ||||
| CVE-2010-1532 | 2 Givesight, Joomla | 2 Com Powermail, Joomla\! | 2025-04-11 | N/A |
| Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2010-5278 | 1 Modx | 1 Modx Revolution | 2025-04-11 | N/A |
| Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3743 | 1 Rene Tegel | 1 Visual Synapse | 2025-04-11 | N/A |
| Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||||
| CVE-2010-2307 | 1 Motorola | 1 Surfboard Sbv6120e | 2025-04-11 | N/A |
| Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. | ||||
| CVE-2022-4779 | 1 Elvexys | 1 Streamx | 2025-04-10 | 7.5 High |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | ||||
| CVE-2023-5505 | 1 Inpsyde | 1 Backwpup | 2025-04-10 | 6.8 Medium |
| The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | ||||
| CVE-2024-3195 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-10 | 4.7 Medium |
| A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311. | ||||
| CVE-2024-39903 | 1 Widgetti | 1 Solara | 2025-04-10 | 8.6 High |
| Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system. | ||||
| CVE-2024-27776 | 2 Canonical, Milesight | 2 Ubuntu Linux, Devicehub | 2025-04-10 | 9.8 Critical |
| MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | ||||
| CVE-2024-3783 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | 7.7 High |
| The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system. | ||||
| CVE-2024-51966 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 4.9 Medium |
| There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality. | ||||