Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
|
|||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
|
|||||
| CVE-2014-1836 | 1 Impresscms | 1 Impresscms | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
|
|||||
| CVE-2014-4507 | 1 Theforeman | 1 Foreman | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
|
|||||
| CVE-2013-6720 | 1 Ibm | 1 Tealeaf Cx | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
|
|||||
| CVE-2016-1000112 | 1 Contussupport | 1 Contus-video-comments | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
|
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
|
|||||
| CVE-2015-1191 | 1 Zlib | 1 Pigz | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
|
|||||
| CVE-2014-4306 | 1 Webtitan | 1 Webtitan | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
|
|||||
| CVE-2015-3301 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
|
|||||
| CVE-2010-5324 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323.
|
|||||
| CVE-2014-8727 | 1 F5 | 1 Big-ip Local Traffic Manager | 2025-04-12 | 6.2 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
|
|||||
| CVE-2015-1087 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
|
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
|
|||||
| CVE-2014-9119 | 1 Db Backup Project | 1 Db Backup | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2014-6154 | 3 Ibm, Linux, Microsoft | 3 Optim Performance Manager, Linux Kernel, Windows | 2025-04-12 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2014-3697 | 1 Pidgin | 1 Pidgin | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
|
|||||
| CVE-2015-6459 | 1 Ge | 1 Mds Pulsenet | 2025-04-12 | 10.0 HIGH | N/A |
|
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
|
|||||
| CVE-2014-3227 | 1 Debian | 1 Dpkg | 2025-04-12 | 6.4 MEDIUM | N/A |
|
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the b ...
Show More |
|||||
| CVE-2015-2862 | 1 Kaseya | 1 Virtual System Administrator | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
|
|||||
| CVE-2015-7250 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
|
|||||
| CVE-2014-8360 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
|
|||||
| CVE-2015-0878 | 1 Almail | 1 Al-mail32 | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment.
|
|||||
| CVE-2014-3127 | 1 Debian | 1 Dpkg | 2025-04-12 | 7.1 HIGH | N/A |
|
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
|
|||||
| CVE-2014-5370 | 1 New Atlanta | 1 Bluedragon | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
|
|||||
| CVE-2015-5662 | 1 Avast | 1 Avast Antivirus | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
|
|||||
| CVE-2015-6500 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
|
|||||
| CVE-2016-1593 | 1 Novell | 1 Service Desk | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
|
|||||
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.
|
|||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
|
|||||
| CVE-2014-3323 | 1 Cisco | 1 Unified Contact Center Enterprise | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
|
|||||
| CVE-2014-3865 | 1 Debian | 1 Dpkg-dev | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
|
|||||
| CVE-2015-2775 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2025-04-12 | 7.6 HIGH | N/A |
|
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
|
|||||
| CVE-2014-1715 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
|
|||||
| CVE-2015-5688 | 1 Geddyjs | 1 Geddy | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
|
|||||
| CVE-2016-9208 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
|
|||||
| CVE-2015-7006 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
|
|||||
| CVE-2015-6833 | 1 Php | 1 Php | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
|
|||||
| CVE-2016-4814 | 1 Gsi | 1 Old Gsi Maps | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter.
|
|||||
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
|
|||||
| CVE-2014-4384 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
|
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
|
|||||