Total
7235 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17992 | 1 Iwcnetwork | 1 Biometric Shift Employee Management System | 2025-04-20 | N/A |
| Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | ||||
| CVE-2017-2090 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2117 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | N/A |
| Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2150 | 1 Booking Calendar Project | 1 Booking Calendar | 2025-04-20 | N/A |
| Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | ||||
| CVE-2017-2163 | 1 N-i-agroinformatics | 1 Soy Cms | 2025-04-20 | N/A |
| Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | ||||
| CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2025-04-20 | N/A |
| Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | ||||
| CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-04-20 | 5.0 Medium |
| Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-17671 | 2 Microsoft, Vbulletin | 2 Windows, Vbulletin | 2025-04-20 | 9.8 Critical |
| vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | ||||
| CVE-2017-17715 | 1 Telegram | 1 Telegram Messenger | 2025-04-20 | N/A |
| The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | ||||
| CVE-2017-17739 | 1 Brightsign | 2 4k242, 4k242 Firmware | 2025-04-20 | N/A |
| The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | ||||
| CVE-2017-16936 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2025-04-20 | N/A |
| Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | ||||
| CVE-2017-16959 | 1 Tp-link | 108 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 105 more | 2025-04-20 | N/A |
| The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. | ||||
| CVE-2017-17042 | 1 Yardoc | 1 Yard | 2025-04-20 | N/A |
| lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. | ||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2025-04-20 | 7.5 High |
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | ||||
| CVE-2017-16759 | 1 Librenms | 1 Librenms | 2025-04-20 | N/A |
| The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | ||||
| CVE-2017-16762 | 1 Sanic Project | 1 Sanic | 2025-04-20 | N/A |
| Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | ||||
| CVE-2017-16788 | 1 Meinbergglobal | 2 Lantime, Lantime Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | ||||
| CVE-2017-16806 | 1 Ulterius | 1 Ulterius Server | 2025-04-20 | N/A |
| The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. | ||||