Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10397 | 1 Para | 1 Antioch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.
|
|||||
| CVE-2014-10396 | 1 Organizedthemes | 1 Epic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.
|
|||||
| CVE-2014-10390 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
|
|||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
|
|||||
| CVE-2014-10068 | 1 Hapi | 1 Inert | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
|
|||||
| CVE-2014-10066 | 1 Fancy-server Project | 1 Fancy-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
|
|||||
| CVE-2013-7466 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
|
|||||
| CVE-2013-6785 | 1 Supermicro | 1 Intelligent Platform Management Interface | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.
|
|||||
| CVE-2013-6225 | 1 Livezilla | 1 Livezilla | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
|
|||||
| CVE-2013-6056 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability
|
|||||
| CVE-2013-4861 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2013-4855 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.9 HIGH | 8.8 HIGH |
|
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
|
|||||
| CVE-2013-4658 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
|
|||||
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
|
|||||
| CVE-2013-4656 | 1 Asus | 4 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.
|
|||||
| CVE-2013-4654 | 1 Tp-link | 4 Tl-1043nd, Tl-1043nd Firmware, Tl-wdr4300 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..
|
|||||
| CVE-2013-3311 | 1 Loftek | 2 Nexus 543, Nexus 543 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
|
|||||
| CVE-2013-3073 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
|
|||||
| CVE-2013-3001 | 1 Ibm | 1 Infosphere Data Replication Dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.
|
|||||
| CVE-2013-2565 | 1 Mambo-foundation | 1 Mambo Cms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
|
|||||
| CVE-2013-2474 | 1 Aws-dms | 1 Aws Xms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
|
|||||
| CVE-2013-1891 | 2 Microsoft, Opencart | 2 Windows, Opencart | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed.
|
|||||
| CVE-2013-1597 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials.
|
|||||
| CVE-2012-6664 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
|
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.
|
|||||
| CVE-2012-6652 | 1 Page Flip Book Project | 1 Page Flip Book | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
|
|||||
| CVE-2012-6609 | 1 Polycom | 3 Hdx 8000, Hdx Video End Points, Uc Apl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
|
|||||
| CVE-2012-3337 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.
|
|||||
| CVE-2011-4350 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.
|
|||||
| CVE-2010-5335 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
|
|||||
| CVE-2010-5334 | 1 Icewarp | 1 Webclient | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.
|
|||||
| CVE-2010-10011 | 1 Acritum | 1 Femitter Server | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2009-3887 | 1 Ytnef Project | 1 Ytnef | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ytnef has directory traversal
|
|||||
| CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
|
|||||
| CVE-2005-2349 | 1 Zoo Project | 1 Zoo | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoo 2.10 has Directory traversal
|
|||||
| CVE-2005-10002 | 1 Wp-plugins | 1 Secure Files | 2024-11-20 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.
|
|||||
| CVE-2024-11309 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
|||||
| CVE-2024-11310 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 7.5 HIGH |
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
|||||
| CVE-2024-11311 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
|
|||||
| CVE-2024-11312 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
|
|||||
| CVE-2024-11313 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 9.8 CRITICAL |
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
|
|||||