Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2010-1063 | 1 Phpkobo | 1 Free Real Estate Contact Form Script | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-1478 | 2 Joomla, Ternaria | 2 Joomla!, Com Jfeedback | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2010-0967 | 1 Geekhelps | 1 Admp | 2025-04-11 | 5.1 MEDIUM | N/A | Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the style parameter to (1) colorvoid/footer.php, (2) default-green/footer.php, (3) default-orange/footer.php, and (4) default/footer.php in themes/. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2850 | 1 Nusoftware | 1 Nubuilder | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in productionnu2/fileuploader.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. |
| CVE-2013-4093 | 1 Imperva | 1 Securesphere | 2025-04-11 | 5.0 MEDIUM | N/A | The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message. |
| CVE-2009-4974 | 1 Sweetphp | 1 Totalcalendar | 2025-04-11 | 7.5 HIGH | N/A | Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter. |
| CVE-2013-3043 | 1 Ibm | 2 Rational Software Architect Design Manager, Rhapsody Design Manager | 2025-04-11 | 2.1 LOW | N/A | Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. |
| CVE-2010-3101 | 1 Ftpx | 1 Ftp Explorer | 2025-04-11 | 9.3 HIGH | N/A | Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. |
| CVE-2009-4957 | 1 Interspire | 1 Activekb | 2025-04-11 | 7.5 HIGH | N/A | Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter. |
| CVE-2010-1003 | 1 Efrontlearning | 1 Efront | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter. |
| CVE-2011-2653 | 1 Novell | 1 Zenworks Asset Management | 2025-04-11 | 10.0 HIGH | N/A | Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file. |
| CVE-2012-5386 | 1 Nicolas Tormo | 1 Phppaleo | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2011-2780 | 1 Chyrp | 1 Chyrp | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. |
| CVE-2011-0966 | 1 Cisco | 1 Ciscoworks Common Services | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577. |
| CVE-2010-1115 | 1 Comscripts | 1 Web Server Creator Web Portal | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. |
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2025-04-11 | 6.0 MEDIUM | N/A | Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. |
| CVE-2012-4997 | 1 Anecms | 1 Anecms | 2025-04-11 | 7.5 HIGH | N/A | Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. |
| CVE-2010-1935 | 1 Openmairie | 1 Openpresse | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. |
| CVE-2013-4173 | 1 Xymon | 1 Xymon | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. |
| CVE-2012-3011 | 1 Fultek | 1 Wintr Scada | 2025-04-11 | 7.8 HIGH | N/A | Directory traversal vulnerability in the web server in Fultek WinTr Scada 4.0.5 and earlier allows remote attackers to read arbitrary files via a crafted request. |
| CVE-2010-0958 | 1 Thomas Perez | 1 Tribisur | 2025-04-11 | 6.8 MEDIUM | N/A | Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2013-5648 | 1 Id | 2 Id-software, Libdigidoc | 2025-04-11 | 6.8 MEDIUM | N/A | Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file. |
| CVE-2010-4731 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2025-04-11 | 6.8 MEDIUM | N/A | Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463. |
| CVE-2012-4680 | 1 Ioserver | 1 Ioserver | 2025-04-11 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. |
| CVE-2008-7262 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | 6.5 MEDIUM | N/A | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. |
| CVE-2013-4097 | 1 Ds3 | 1 Authentication Server | 2025-04-11 | 5.0 MEDIUM | N/A | ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message. |
| CVE-2010-0287 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. |
| CVE-2013-5011 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 7.2 HIGH | N/A | Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. |
| CVE-2009-2902 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. |
| CVE-2010-2034 | 2 Joomla, Percha | 2 Joomla!, Com Perchaimageattach | 2025-04-11 | 7.5 HIGH | N/A | Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| CVE-2013-3042 | 1 Ibm | 2 Rational Software Architect Design Manager, Rhapsody Design Manager | 2025-04-11 | 2.1 LOW | N/A | Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. |
| CVE-2012-2421 | 2 Intuit, Microsoft | 2 Quickbooks, Internet Explorer | 2025-04-11 | 1.8 LOW | N/A | Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. |
| CVE-2013-1167 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2025-04-11 | 7.1 HIGH | N/A | Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558. |
| CVE-2010-1217 | 2 Je Form Creator, Joomla | 2 Je Form Creator, Joomla | 2025-04-11 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. |
| CVE-2010-3488 | 1 Houbysoft | 1 Quickshare | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. |
| CVE-2010-0696 | 2 Joomla, Joomlaworks | 2 Joomla, Jw Allvideos | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. |
| CVE-2010-3863 | 2 Apache, Jsecurity | 2 Shiro, Jsecurity | 2025-04-11 | 5.0 MEDIUM | N/A | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. |
| CVE-2010-1512 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2025-04-11 | 4.3 MEDIUM | N/A | Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
| CVE-2011-4596 | 1 Openstack | 1 Nova | 2025-04-11 | 6.0 MEDIUM | N/A | Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. |
| CVE-2013-3923 | 1 Savysoda | 1 Wifi Free Hd | 2025-04-11 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. |