Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2059 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
| CVE-2014-0358 | 1 Xangati | 2 Xangati Software Release, Xangati Xnr | 2025-04-12 | 7.8 HIGH | N/A |
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
| CVE-2014-7866 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
| CVE-2015-1490 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
| CVE-2015-2007 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 4.0 MEDIUM | 5.0 MEDIUM |
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.
| CVE-2015-1550 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 9.0 HIGH | N/A |
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
| CVE-2016-1212 | 1 Futomi | 1 Mp Form Mail Cgi | 2025-04-12 | 4.0 MEDIUM | 2.7 LOW |
Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
| CVE-2015-7815 | 1 Matomo | 1 Matomo | 2025-04-12 | 7.5 HIGH | N/A |
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.
| CVE-2014-2535 | 1 Mcafee | 1 Web Gateway | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.
| CVE-2016-10037 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
| CVE-2014-9282 | 1 Speed Software | 2 Explorer, Root Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
| CVE-2014-2625 | 1 Hp | 1 Network Virtualization | 2025-04-12 | 8.5 HIGH | N/A |
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.
| CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
| CVE-2014-8606 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
| CVE-2014-4940 | 1 Tera Charts Plugin Project | 1 Tera-charts | 2025-04-12 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 8.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
| CVE-2015-0516 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
| CVE-2016-9210 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
| CVE-2014-8799 | 1 Dukapress | 1 Dukapress | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
| CVE-2013-2641 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
| CVE-2015-2971 | 1 Seeds | 1 Acmailer | 2025-04-12 | 5.5 MEDIUM | N/A |
Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.
| CVE-2014-9155 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
| CVE-2013-5639 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | 7.5 HIGH | N/A |
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
| CVE-2016-6038 | 1 Ibm | 1 Aix | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
| CVE-2016-1605 | 1 Netiq | 1 Sentinel | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.
| CVE-2014-5115 | 1 Dirphp Project | 1 Dirphp | 2025-04-12 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
| CVE-2015-2970 | 1 Lemon-s Php | 1 Simple Oekaki | 2025-04-12 | 6.4 MEDIUM | N/A |
index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter.
| CVE-2014-6194 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
| CVE-2015-2990 | 1 Neojapan | 1 Desknet Neo | 2025-04-12 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.
| CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
| CVE-2014-5465 | 1 Werdswords | 1 Download Shortcode | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
| CVE-2014-5446 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
| CVE-2015-1195 | 1 Openstack | 1 Image Registry And Delivery Service (glance) | 2025-04-12 | 6.5 MEDIUM | N/A |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 3.6 LOW | N/A |
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
| CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
| CVE-2014-9574 | 1 Fluxbb | 1 Fluxbb | 2025-04-12 | 9.3 HIGH | N/A |
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
| CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-12 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.