Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2025-04-14 | N/A | 6.5 MEDIUM |
|
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
|
|||||
| CVE-2024-34315 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 7.5 HIGH |
|
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
|
|||||
| CVE-2024-32163 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 6.4 MEDIUM |
|
CMSeasy 7.7.7.9 is vulnerable to code execution.
|
|||||
| CVE-2023-40279 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
|
|||||
| CVE-2023-40280 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
|
|||||
| CVE-2015-0933 | 1 Sharelatex | 1 Sharelatex | 2025-04-12 | 3.5 LOW | N/A |
|
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.
|
|||||
| CVE-2015-4716 | 2 Microsoft, Owncloud | 3 Windows, Owncloud, Owncloud Server | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2014-1841 | 1 Southrivertech | 1 Titan Ftp Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.
|
|||||
| CVE-2013-4413 | 2 Ruby-lang, Schneems | 2 Ruby, Wicked | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
|
|||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-2864 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | 10.0 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
|
|||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
|
|||||
| CVE-2011-4696 | 1 Eye | 1 Eye-fi Helper | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.
|
|||||
| CVE-2016-2872 | 1 Ibm | 2 Qradar Security Information And Event Manager, Security Qradar Incident Forensics | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
|
|||||
| CVE-2015-5353 | 1 Novius-os | 1 Novius Os | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
|
|||||
| CVE-2015-4152 | 1 Elastic | 1 Logstash | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
|
|||||
| CVE-2014-8019 | 1 Cisco | 1 Enterprise Content Delivery System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
|
|||||
| CVE-2014-4929 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
|
|||||
| CVE-2014-1442 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.
|
|||||
| CVE-2015-3337 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2013-3739 | 1 Network-weathermap | 1 .network Weathermap | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
|
|||||
| CVE-2016-6614 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 4.3 MEDIUM | 6.8 MEDIUM |
|
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
|||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
|
|||||
| CVE-2011-4722 | 1 Ipswitch | 1 Tftp Server | 2025-04-12 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
|
|||||
| CVE-2014-9461 | 1 Reality66 | 1 Cart66 Lite | 2025-04-12 | 3.5 LOW | N/A |
|
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.
|
|||||
| CVE-2014-4937 | 1 Bookx Plugin Project | 1 Bookx | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2016-9878 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
|
|||||
| CVE-2015-4425 | 1 Pimcore | 1 Pimcore | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
|
|||||
| CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-5006 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
|
|||||
| CVE-2014-3317 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
|
|||||
| CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.
|
|||||
| CVE-2015-0171 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2025-04-12 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
|
|||||
| CVE-2014-3975 | 1 Auracms | 1 Auracms | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
|
|||||
| CVE-2011-3602 | 1 Litech | 1 Router Advertisement Daemon | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.
|
|||||
| CVE-2015-7372 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.
|
|||||
| CVE-2014-2610 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | 7.1 HIGH | N/A |
|
Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117.
|
|||||