Total
7284 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4320 | 1 Atlassian | 1 Bitbucket | 2025-04-20 | N/A |
| Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | ||||
| CVE-2016-4323 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | N/A |
| A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | ||||
| CVE-2016-4986 | 1 Jenkins | 1 Tap | 2025-04-20 | 7.5 High |
| Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | ||||
| CVE-2016-4987 | 1 Jenkins | 1 Image Gallery | 2025-04-20 | 6.5 Medium |
| Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | ||||
| CVE-2017-5229 | 1 Rapid7 | 1 Metasploit | 2025-04-20 | N/A |
| All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance. | ||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2025-04-20 | N/A |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | ||||
| CVE-2016-3151 | 1 Barco | 6 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 3 more | 2025-04-20 | N/A |
| Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. | ||||
| CVE-2016-10183 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. | ||||
| CVE-2016-10184 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. | ||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | ||||
| CVE-2016-10331 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | ||||
| CVE-2016-10367 | 1 Opsview | 1 Opsview | 2025-04-20 | N/A |
| In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | ||||
| CVE-2016-10400 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | ||||
| CVE-2016-10048 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2025-04-20 | N/A |
| Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | ||||
| CVE-2015-7669 | 1 Easy2map | 1 Easy2map | 2025-04-20 | N/A |
| Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | ||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2025-04-20 | N/A |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | ||||
| CVE-2015-8235 | 1 Call-cc | 1 Spiffy | 2025-04-20 | N/A |
| Directory traversal vulnerability in Spiffy before 5.4. | ||||
| CVE-2015-8283 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | N/A |
| Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | ||||
| CVE-2015-8309 | 1 Fomori | 1 Cherrymusic | 2025-04-20 | N/A |
| Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | ||||
| CVE-2015-8352 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | N/A |
| Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | ||||