Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2583 | 1 Linux-pam | 1 Linux-pam | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.
|
|||||
| CVE-2014-4577 | 1 Websupporter | 1 Wp Amasin - The Amazon Affiliate Shop | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
|
|||||
| CVE-2015-2166 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
|
|||||
| CVE-2015-2071 | 1 Etouch | 1 Samepage | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
|
|||||
| CVE-2015-6914 | 1 Mindbite | 1 Sitefactory Cms | 2025-04-12 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx.
|
|||||
| CVE-2015-3648 | 1 Montala | 1 Resourcespace | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
|
|||||
| CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
|
|||||
| CVE-2012-4920 | 2 Wordpress, Zingiri | 2 Wordpress, Forums | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php.
|
|||||
| CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
|
|||||
| CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217.
|
|||||
| CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
|
|||||
| CVE-2013-3514 | 1 Openx | 1 Openx | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
|
|||||
| CVE-2014-3625 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
|
|||||
| CVE-2015-3897 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
|
|||||
| CVE-2016-2097 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
|
|||||
| CVE-2015-1830 | 2 Apache, Microsoft | 2 Activemq, Windows | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
|
|||||
| CVE-2014-2626 | 1 Hp | 1 Network Virtualization | 2025-04-12 | 9.4 HIGH | N/A |
|
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
|
|||||
| CVE-2015-4694 | 1 Zip Attachments Project | 1 Zip Attachments | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
|
Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter.
|
|||||
| CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename.
|
|||||
| CVE-2014-9375 | 1 Lexmark | 1 Markvision Enterprise | 2025-04-12 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.
|
|||||
| CVE-2014-3777 | 1 Reportico | 1 Php Report Designer | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
|
|||||
| CVE-2014-9234 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2016-1145 | 1 Nec | 1 Expresscluster X | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-1192 | 1 Kgb Project | 1 Kgb | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.
|
|||||
| CVE-2014-9581 | 1 Codiad | 1 Codiad | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
|
|||||
| CVE-2013-1806 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.
|
|||||
| CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php.
|
|||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
|
|||||
| CVE-2016-1525 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2025-04-12 | 7.8 HIGH | 8.6 HIGH |
|
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
|
|||||
| CVE-2014-7819 | 1 Sprockets Project | 1 Sprockets | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot ...
Show More |
|||||
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2025-04-12 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
|
|||||
| CVE-2014-4941 | 1 Cross-rss Plugin Project | 1 Wp-cross-rss | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
|
|||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.
|
|||||
| CVE-2014-9452 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/.
|
|||||
| CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
|
|||||
| CVE-2014-0605 | 1 Attachmate | 1 Reflection Ftp Client | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.
|
|||||
| CVE-2014-1974 | 1 Lyesoft | 1 Andexplorer | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-6308 | 1 Osclass | 1 Osclass | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
|
|||||
| CVE-2014-2611 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120.
|
|||||
| CVE-2014-2976 | 1 Sixnet | 1 Sixview Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
|
|||||