Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8794 | 1 Roundcube | 1 Roundcube Webmail | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
|
|||||
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
|
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.
|
|||||
| CVE-2014-0604 | 1 Attachmate | 1 Reflection Ftp Client | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.
|
|||||
| CVE-2014-5319 | 1 S-link | 1 Slfilemanager | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.
|
|||||
| CVE-2014-2313 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-4703 | 1 Rename Project | 1 Rename | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
|
|||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
|
|||||
| CVE-2014-0475 | 1 Gnu | 1 Glibc | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
|
|||||
| CVE-2014-5181 | 1 Last.fm Rotation Plugin Project | 1 Lastfm-rotation Plugin | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
|
|||||
| CVE-2014-6034 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
|
|||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
|
|||||
| CVE-2013-5655 | 1 Xiaowen Huang | 1 Yingzhi Python Programming Language | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.
|
|||||
| CVE-2013-1604 | 1 Maygion | 1 Ip Camera Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
|
|||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character.
|
|||||
| CVE-2015-4666 | 1 Xceedium | 1 Xsuite | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
|
|||||
| CVE-2014-0598 | 1 Novell | 1 Open Enterprise Server | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
|
|||||
| CVE-2014-5197 | 1 Splunk | 1 Splunk | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
|
|||||
| CVE-2015-0552 | 2 Gnome, Opensuse | 2 Gcab, Opensuse | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
|
|||||
| CVE-2014-5111 | 1 Netfortris | 1 Trixbox | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
|
|||||
| CVE-2016-1191 | 1 Cybozu | 1 Garoon | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
|
|||||
| CVE-2012-4915 | 2 Davistribe, Wordpress | 2 Google Doc Embedder, Wordpress | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
|
|||||
| CVE-2015-5638 | 1 Dena | 1 H20 | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
|
|||||
| CVE-2014-1969 | 1 Apps4u\@android | 1 Sd Card Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename.
|
|||||
| CVE-2015-4040 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
|
|||||
| CVE-2014-10037 | 1 Domphp | 1 Domphp | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
|
|||||
| CVE-2014-5258 | 1 Webedition | 1 Webedition Cms | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
|
|||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
|
|||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2025-04-12 | 7.5 HIGH | N/A |
|
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
|
|||||
| CVE-2014-4910 | 1 X | 1 Xf86-video-intel | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
|
|||||
| CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2025-04-12 | 6.4 MEDIUM | 8.6 HIGH |
|
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors.
|
|||||
| CVE-2014-6155 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-9199 | 1 Cisco | 1 Iox | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0.
|
|||||
| CVE-2013-3004 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | 3.5 LOW | N/A |
|
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-1223 | 1 Trendmicro | 3 Officescan, Worry-free Business Security, Worry-free Business Security Services | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-8084 | 1 Osclass | 1 Osclass | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.
|
|||||
| CVE-2014-2324 | 5 Contec, Debian, Lighttpd and 2 more | 7 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Debian Linux and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
|
|||||
| CVE-2016-4004 | 1 Dell | 1 Openmanage Server Administrator | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
|
|||||
| CVE-2014-6149 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
|||||