Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-15019 | 1 Jekbox Project | 1 Jekbox | 2024-05-17 | 7.5 High |
| A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375. | ||||
| CVE-2014-125069 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-05-17 | 5.3 Medium |
| A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644. | ||||
| CVE-2024-3707 | 2024-04-15 | 5.3 Medium | ||
| Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file. | ||||
| CVE-2021-45446 | 1 Hitachi | 1 Vantara Pentaho | 2023-11-07 | 7.5 High |
| A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory. | ||||
| CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2023-06-02 | 5.3 Medium |
| Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | ||||
| CVE-2020-8161 | 3 Canonical, Debian, Rack Project | 3 Ubuntu Linux, Debian Linux, Rack | 2023-02-02 | 8.6 High |
| A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | ||||
| CVE-2021-23195 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2022-10-24 | 5.3 Medium |
| Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server. | ||||
| CVE-2022-30625 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | 5.3 Medium |
| Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | ||||
| CVE-2021-27505 | 1 Myscada | 1 Mypro | 2022-05-24 | 7.5 High |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | ||||
| CVE-2021-21528 | 1 Dell | 1 Emc Powerscale Onefs | 2021-11-17 | 7.5 High |
| Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions. | ||||
| CVE-2021-32515 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 5.3 Medium |
| Directory listing vulnerability in share_link in QSAN Storage Manager allows attackers to list arbitrary directories and further access credential information. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32511 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 4.3 Medium |
| QSAN Storage Manager through directory listing vulnerability in ViewBroserList allows remote authenticated attackers to list arbitrary directories via the file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32510 | 1 Qsan | 1 Storage Manager | 2021-09-20 | 4.3 Medium |
| QSAN Storage Manager through directory listing vulnerability in antivirus function allows remote authenticated attackers to list arbitrary directories by injecting file path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2021-04-29 | 8.6 High |
| There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage. | ||||
| CVE-2019-5415 | 1 Zeit | 1 Serve | 2020-10-19 | 7.5 High |
| A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. | ||||
| CVE-2020-15790 | 1 Siemens | 1 Spectrum Power 4 | 2020-09-14 | 5.3 Medium |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. | ||||
| CVE-2020-15081 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 5.3 Medium |
| In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. | ||||
| CVE-2019-5437 | 1 Harpjs | 1 Harp | 2019-10-09 | N/A |
| Information exposure through the directory listing in npm's harp module allows to access files that are supposed to be ignored according to the harp server rules.Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge. | ||||
| CVE-2018-16493 | 1 Static-resource-server Project | 1 Static-resource-server | 2019-10-09 | N/A |
| A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | ||||
| CVE-2018-14785 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2019-10-09 | N/A |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. | ||||