Unauthenticated remote .jpg file upload in contus-video-comments v1.0 WordPress plugin
Max CVSS: 9.4; EPSS Score: 1.33%; Published: 2016-10-06; Updated: 2020-04-29
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Max CVSS: 7.5; EPSS Score: 0.16%; Published: 2016-12-24; Updated: 2019-11-14
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Max CVSS: 7.5; EPSS Score: 0.16%; Published: 2016-12-24; Updated: 2016-12-29
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Max CVSS: 7.5; EPSS Score: 0.16%; Published: 2016-12-24; Updated: 2019-11-14
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Max CVSS: 9.3; EPSS Score: 0.13%; Published: 2016-12-17; Updated: 2017-01-07
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Max CVSS: 7.5; EPSS Score: 0.34%; Published: 2016-12-29; Updated: 2022-04-11
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
Max CVSS: 9.8; EPSS Score: 0.39%; Published: 2016-12-05; Updated: 2016-12-27
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
Max CVSS: 7.5; EPSS Score: 0.13%; Published: 2016-12-14; Updated: 2017-01-04
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
Max CVSS: 6.5; EPSS Score: 0.12%; Published: 2016-12-14; Updated: 2016-12-22
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.
Max CVSS: 6.8; EPSS Score: 0.12%; Published: 2016-12-14; Updated: 2016-12-22
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Max CVSS: 7.5; EPSS Score: 0.30%; Published: 2016-11-04; Updated: 2018-01-05
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
Max CVSS: 6.5; EPSS Score: 0.24%; Published: 2016-12-16; Updated: 2021-02-11
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS: 7.5; EPSS Score: 0.16%; Published: 2016-10-05; Updated: 2016-12-02
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.
Max CVSS: 6.5; EPSS Score: 0.13%; Published: 2016-10-03; Updated: 2016-10-04
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.
Max CVSS: 7.5; EPSS Score: 0.29%; Published: 2016-11-03; Updated: 2018-02-27
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
Max CVSS: 6.0; EPSS Score: 0.06%; Published: 2016-12-10; Updated: 2023-02-12
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 5.3; EPSS Score: 4.54%; Published: 2016-12-29; Updated: 2017-07-30
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Max CVSS: 6.8; EPSS Score: 0.16%; Published: 2016-12-11; Updated: 2018-07-08
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.
Max CVSS: 7.5; EPSS Score: 0.20%; Published: 2016-09-12; Updated: 2016-12-12
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
Max CVSS: 4.3; EPSS Score: 0.09%; Published: 2016-09-12; Updated: 2016-12-12
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
Max CVSS: 7.5; EPSS Score: 0.49%; Published: 2016-12-09; Updated: 2023-02-13
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Max CVSS: 7.5; EPSS Score: 1.44%; Published: 2016-08-02; Updated: 2016-11-28
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
Max CVSS: 10.0; EPSS Score: 1.60%; Published: 2016-08-05; Updated: 2016-11-28
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
Max CVSS: 6.5; EPSS Score: 0.15%; Published: 2016-09-26; Updated: 2017-07-30
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
Max CVSS: 7.5; EPSS Score: 0.30%; Published: 2016-10-06; Updated: 2016-11-28
99 vulnerabilities found