Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4665 | 1 Cutesoft Components | 1 Cute Editor For Asp.net | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2012-4031 | 1 Wangkongbao | 2 Cns-1000, Cns-1100 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
|
|||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.
|
|||||
| CVE-2012-0419 | 1 Novell | 1 Groupwise | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.
|
|||||
| CVE-2010-1495 | 2 Joomla, Matamko | 2 Joomla\!, Com Matamko | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2009-4986 | 1 In-portal | 1 In-portal | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
|
|||||
| CVE-2010-1858 | 2 Gelembjuk, Joomla | 2 Com Smestorage, Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
|||||
| CVE-2010-1928 | 1 Openmairie | 1 Openplanning | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
|
|||||
| CVE-2012-0697 | 1 Hp | 1 Storageworks P2000 G3 Msa | 2025-04-11 | 10.0 HIGH | N/A |
|
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
|
|||||
| CVE-2010-2655 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
|
|||||
| CVE-2010-1717 | 1 If Surfalert Project | 1 If Surfalert | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2009-4816 | 1 Andy Stedemos | 1 The Uploader | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2011-5210 | 1 Limny | 1 Limny | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter.
|
|||||
| CVE-2009-4896 | 1 Mlmmj | 1 Mlmmj | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
|
|||||
| CVE-2013-1156 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
|
|||||
| CVE-2012-1221 | 1 Rabidhamster | 2 R2\/, R2\/extreme | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command.
|
|||||
| CVE-2010-0972 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2012-3360 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
|
|||||
| CVE-2012-4991 | 1 Axway | 1 Securetransport | 2025-04-11 | 8.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
|
|||||
| CVE-2013-5554 | 1 Cisco | 1 Wide Area Application Services Mobile | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
|
|||||
| CVE-2012-1471 | 1 Ocportal | 1 Ocportal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2013-2984 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.
|
|||||
| CVE-2010-4613 | 1 Hycus | 1 Hycus Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php.
|
|||||
| CVE-2011-0537 | 2 Mediawiki, Microsoft | 2 Mediawiki, Windows | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.
|
|||||
| CVE-2013-2068 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-11 | 9.4 HIGH | N/A |
|
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
|
|||||
| CVE-2013-3661 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
|
|||||
| CVE-2010-3102 | 1 3dftp | 1 3d-ftp Client | 2025-04-11 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
|
|||||
| CVE-2010-2143 | 1 Getsymphony | 1 Symphony | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter.
|
|||||
| CVE-2010-4801 | 1 Baconmap | 1 Baconmap | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filepath parameter.
|
|||||
| CVE-2009-4679 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2010-3100 | 1 Portaplus | 1 Porta\+ Ftp Client | 2025-04-11 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
|
|||||
| CVE-2010-3099 | 1 Smartftp | 1 Smartftp | 2025-04-11 | 9.3 HIGH | N/A |
|
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-0544 | 2 Ibm, Linux | 2 Websphere Application Server, Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.
|
|||||
| CVE-2010-3261 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.
|
|||||
| CVE-2010-2334 | 1 Yamamah | 1 Yamamah | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
|
|||||
| CVE-2012-0998 | 1 Lepton-cms | 1 Lepton | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
|
|||||
| CVE-2009-4726 | 1 Olivier Michaud Pierre-yves | 1 Quickdev4php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2012-6038 | 1 Razorcms | 1 Razorcms | 2025-04-11 | 6.5 MEDIUM | N/A |
|
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
|
|||||
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
|
|||||
| CVE-2012-4347 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
|
|||||