Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5952 | 1 Thomsonreuters | 1 Fatca | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.
|
|||||
| CVE-2015-5467 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A | 9.8 CRITICAL |
|
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
|
|||||
| CVE-2015-5079 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
|
|||||
| CVE-2015-4632 | 1 Koha | 1 Koha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.
|
|||||
| CVE-2015-4617 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.
|
|||||
| CVE-2015-4461 | 1 Efrontlearning | 1 Efront | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
|
|||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297.
|
|||||
| CVE-2015-3151 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
|
|||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
|
|||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
|
|||||
| CVE-2015-2060 | 2 Cabextract Project, Linux | 2 Cabextract, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
|
|||||
| CVE-2015-1503 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
|
|||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
|
|||||
| CVE-2015-10043 | 1 Apollo Project | 1 Apollo | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307.
|
|||||
| CVE-2015-10030 | 1 Surpass Project | 1 Surpass | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2015-10024 | 1 Larasync Project | 1 Larasync | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612.
|
|||||
| CVE-2014-9609 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.
|
|||||
| CVE-2014-9485 | 1 Minizip Project | 1 Minizip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.
|
|||||
| CVE-2014-9356 | 1 Docker | 1 Docker | 2024-11-21 | 8.5 HIGH | 8.6 HIGH |
|
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
|
|||||
| CVE-2014-9014 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2014-8939 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
|
|||||
| CVE-2014-8742 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-8741 | 1 Lexmark | 1 Markvision Enterprise | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-7951 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.
|
|||||
| CVE-2014-7174 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
|
|||||
| CVE-2014-5436 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A directory traversal vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to possible information disclosure. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
|
|||||
| CVE-2014-5236 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
|
|||||
| CVE-2014-5068 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.
|
|||||
| CVE-2014-5007 | 1 Zohocorp | 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2014-4650 | 2 Python, Redhat | 3 Python, Enterprise Linux, Software Collections | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
|
|||||
| CVE-2014-3972 | 1 Apexis | 2 Apm-j601-ws, Apm-j601-ws Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-3626 | 1 Grails | 1 Resources | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did not step outside the appropriate root directory (e.g. the web application root), decoded the URI and checked that this did not introduce additional /../ (and similar) sequences. A bug was introduced where ...
Show More |
|||||
| CVE-2014-2674 | 1 Ajax-pagination Project | 1 Ajax-pagination | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
|
|||||
| CVE-2014-2069 | 1 Eshtery.she7ata | 1 Eshtery Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
|
|||||
| CVE-2014-1923 | 1 Koha | 1 Koha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-1922 | 1 Koha | 1 Koha | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-125080 | 1 Faplanet Project | 1 Faplanet | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2014-125069 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644.
|
|||||
| CVE-2014-125068 | 1 Maps-js-icoads Project | 1 Maps-js-icoads | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643.
|
|||||
| CVE-2014-125033 | 1 Rails-cv-app Project | 1 Rails-cv-app | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigne ...
Show More |
|||||