Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9181 | 1 Plex | 1 Media Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
|
|||||
| CVE-2014-9373 | 1 Manageengine | 1 Netflow Analyzer | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
|
|||||
| CVE-2011-5310 | 1 Cherry-design | 1 Wikipad | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
|||||
| CVE-2016-7116 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 6.0 MEDIUM |
|
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
|
|||||
| CVE-2015-4641 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
|
|||||
| CVE-2016-8280 | 1 Huawei | 1 Esight | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-5472 | 1 Ibs Mappro Project | 1 Ibs Mappro | 2025-04-12 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
|
|||||
| CVE-2016-10038 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
|
|||||
| CVE-2014-1973 | 1 Nextapp | 1 File Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
|
|||||
| CVE-2014-3864 | 1 Debian | 1 Dpkg-dev | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
|
|||||
| CVE-2014-6222 | 1 Ibm | 1 Marketing Operations | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
|
|||||
| CVE-2013-3304 | 1 Dell | 1 Equallogic Ps4000 Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
|
|||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2025-04-12 | 6.1 MEDIUM | 5.7 MEDIUM |
|
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
|
|||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.
|
|||||
| CVE-2015-8798 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 7.7 HIGH | 8.0 HIGH |
|
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authe ...
Show More |
|||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
|
|||||
| CVE-2016-1610 | 1 Novell | 1 Filr | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
|
|||||
| CVE-2016-0855 | 1 Advantech | 1 Webaccess | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
|
|||||
| CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
|
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
|
|||||
| CVE-2015-1884 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
|
|||||
| CVE-2015-3939 | 1 Ids | 3 Ids Rtu 850c, Nc854, Nc856 | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file.
|
|||||
| CVE-2014-3319 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
|
|||||
| CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-1192 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
|
|||||
| CVE-2015-5482 | 1 Dev4press | 1 Gd Bbpress Attachments | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.
|
|||||
| CVE-2015-8564 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
|
|||||
| CVE-2015-8799 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 7.1 HIGH | 7.6 HIGH |
|
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authe ...
Show More |
|||||
| CVE-2016-8343 | 1 Indasengineering | 1 Web Scada | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2016-6371 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.
|
|||||
| CVE-2013-3295 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
|
|||||
| CVE-2015-0550 | 1 Emc | 1 Documentum Thumbnail Server | 2025-04-12 | 8.5 HIGH | N/A |
|
Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors.
|
|||||
| CVE-2011-4821 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2012-3521 | 1 Qbnz | 1 Geshi | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
|
|||||
| CVE-2015-5174 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
|
|||||
| CVE-2015-1000006 | 1 Recent-backups Project | 1 Recent-backups | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Remote file download vulnerability in recent-backups v0.7 wordpress plugin
|
|||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
|
|||||
| CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.
|
|||||
| CVE-2015-4153 | 1 Zanematthew | 1 Zm Ajax Login \& Register | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
|
|||||
| CVE-2014-3914 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary ...
Show More |
|||||
| CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.
|
|||||