Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3305 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
|
|||||
| CVE-2013-6688 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
|
|||||
| CVE-2010-1059 | 1 Phpkobo | 1 Address Book Script | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in staff/app/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2013-0262 | 1 Rack Project | 1 Rack | 2025-04-11 | 4.3 MEDIUM | N/A |
|
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
|
|||||
| CVE-2011-4712 | 1 Monoxide0184 | 1 Oxide Webserver | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
|
|||||
| CVE-2012-1047 | 1 Cyberoam | 1 Cyberoam Central Console | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.
|
|||||
| CVE-2011-4800 | 1 Solarwinds | 1 Serv-u File Server | 2025-04-11 | 9.0 HIGH | N/A |
|
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
|
|||||
| CVE-2009-4946 | 2 Joomla, Thetricky | 2 Joomla\!, Com Messaging | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2011-1900 | 1 Indusoft | 1 Web Studio | 2025-04-11 | 10.0 HIGH | N/A |
|
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
|
|||||
| CVE-2013-3921 | 1 Easytimestudio | 1 Easy File Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI.
|
|||||
| CVE-2010-1956 | 2 Joomla, Thefactory | 2 Joomla\!, Com Gadgetfactory | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-1099 | 1 Focalmedia.net | 1 Quick Polls | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.
|
|||||
| CVE-2010-1577 | 1 Cisco | 2 Content Delivery System, Internet Streamer | 2025-04-11 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.
|
|||||
| CVE-2013-0895 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors.
|
|||||
| CVE-2011-4168 | 1 Hp | 1 Managed Printing Administration | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
|
|||||
| CVE-2010-1607 | 2 Joomla, Paysyspro | 2 Joomla\!, Com Wmi | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2010-1540 | 2 Joomla, Myblog | 2 Joomla\!, Com Myblog | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-0903 | 1 Awcm-cms | 1 Ar Web Content Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
|
|||||
| CVE-2010-1848 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
|
|||||
| CVE-2010-1475 | 2 Joomla, Ternaria | 2 Joomla\!, Com Preventive | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2010-2036 | 2 Joomla, Percha | 2 Joomla\!, Com Perchafieldsattach | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
|||||
| CVE-2011-3315 | 1 Cisco | 4 Unified Ccx, Unified Communications Manager, Unified Ip Interactive Voice Response and 1 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
|
|||||
| CVE-2013-1627 | 2 Advantech, Indusoft | 2 Advantech Studio, Web Studio | 2025-04-11 | 7.8 HIGH | N/A |
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
|
|||||
| CVE-2011-0505 | 1 Remi Jean | 1 Zwii | 2025-04-11 | 5.1 MEDIUM | N/A |
|
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter.
|
|||||
| CVE-2010-2006 | 1 Letodms | 1 Letodms | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
|
|||||
| CVE-2011-0049 | 1 Mj2 | 1 Majordomo 2 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
|
|||||
| CVE-2011-2744 | 1 Chyrp | 1 Chyrp | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
|
|||||
| CVE-2013-2978 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 2.1 LOW | N/A |
|
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.
|
|||||
| CVE-2013-2117 | 2 Jason A Donenfeld, Lars Hjemli | 2 Cgit, Cgit | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
|
|||||
| CVE-2009-4626 | 1 Phpnagios | 1 Phpnagios | 2025-04-11 | 7.5 HIGH | N/A |
|
Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter.
|
|||||
| CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
|
|||||
| CVE-2012-1918 | 1 Atmail | 1 Atmail Open | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter.
|
|||||
| CVE-2010-1571 | 1 Cisco | 3 Customer Response Solution, Unified Contact Center Express, Unified Ip Interactive Voice Response | 2025-04-11 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
|
|||||
| CVE-2010-2018 | 1 Bukulokomedia | 1 Lokomedia Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||
| CVE-2011-0497 | 1 Sybase | 4 Appeon For Powerbuilder, Easerver, Replication Server and 1 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via "../\" (dot dot forward-slash backslash) sequences in a crafted request.
|
|||||
| CVE-2010-1715 | 2 Joomla, Pucit.edu | 2 Joomla\!, Com Onlineexam | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-5219 | 1 Mpdf1 | 1 Mpdf | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
|||||
| CVE-2010-0348 | 1 C-3.co.jp | 1 Webcalenderc3 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors.
|
|||||
| CVE-2011-1572 | 1 Gitolite | 1 Gitolite | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in the Admin Defined Commands (ADC) feature in gitolite before 1.5.9.1 allows remote attackers to execute arbitrary commands via .. (dot dot) sequences in admin-defined commands.
|
|||||
| CVE-2012-1024 | 1 Dream-multimedia-tv | 1 Enigma2 Webinterface | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
|||||