Search
Total
1863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7683 | 1 Font Project | 1 Font | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. | |||||
| CVE-2015-8358 | 1 Bitrix | 1 Mpbuilder | 2018-10-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | |||||
| CVE-2015-7372 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. | |||||
| CVE-2015-5353 | 1 Novius-os | 1 Novius Os | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. | |||||
| CVE-2015-4670 | 1 Devexpress | 1 Ajax Control Toolkit | 2018-10-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. | |||||
| CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | |||||
| CVE-2015-4616 | 1 Easy2map Project | 1 Easy2map | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter. | |||||
| CVE-2015-4415 | 1 Magnifica Webscripts | 1 Anima Gallery | 2018-10-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/. | |||||
| CVE-2015-4153 | 1 Zanematthew | 1 Zm Ajax Login \& Register | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-3301 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. | |||||
| CVE-2015-3648 | 1 Montala | 1 Resourcespace | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. | |||||
| CVE-2015-3035 | 1 Tp-link | 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more | 2018-10-09 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||||
| CVE-2015-3897 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. | |||||
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 8.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. | |||||
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2018-10-09 | 6.8 MEDIUM | N/A |
| The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | |||||
| CVE-2015-0516 | 1 Emc | 2 Vipr Srm, Watch4net | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2015-1365 | 1 Pixabay Images Project | 1 Pixabay Images | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | |||||
| CVE-2014-8084 | 1 Osclass | 1 Osclass | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action. | |||||
| CVE-2014-7985 | 1 Espocrm | 1 Espocrm | 2018-10-09 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | |||||
| CVE-2014-6308 | 1 Osclass | 1 Osclass | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. | |||||
| CVE-2014-5258 | 1 Webedition | 1 Webedition Cms | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-5393 | 1 Sos | 1 Jobscheduler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | |||||
| CVE-2014-3806 | 1 Vmturbo | 1 Operations Manager | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | |||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2018-10-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter. | |||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | |||||
| CVE-2011-4712 | 1 Monoxide0184 | 1 Oxide Webserver | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | |||||
| CVE-2011-2744 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. | |||||
| CVE-2011-2780 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. | |||||
| CVE-2011-3357 | 1 Mantisbt | 1 Mantisbt | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | |||||
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-09 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | |||||
| CVE-2011-1736 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | |||||
| CVE-2011-1099 | 1 Focalmedia.net | 1 Quick Polls | 2018-10-09 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. | |||||
| CVE-2011-0751 | 1 Nazgul | 1 Nostromo | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | |||||
| CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. | |||||
| CVE-2012-1790 | 1 Webgrind Project | 1 Webgrind | 2018-08-30 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. | |||||
| CVE-2013-5979 | 1 Springsignage | 1 Xibo | 2018-08-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||||
| CVE-2013-0262 | 1 Rack Project | 1 Rack | 2018-08-13 | 4.3 MEDIUM | N/A |
| rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals." | |||||
| CVE-2008-1606 | 1 Elastic Path | 1 Elastic Path | 2018-08-13 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp. | |||||
| CVE-2007-4829 | 2 Archive\, Canonical | 2 \, Ubuntu Linux | 2018-08-08 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. | |||||
| CVE-2015-4666 | 1 Xceedium | 1 Xsuite | 2018-06-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter. | |||||
| CVE-2012-1497 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2018-01-18 | 4.0 MEDIUM | N/A |
| The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. | |||||
| CVE-2012-1839 | 1 Ajaxplorer | 1 Ajaxplorer | 2018-01-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1841 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
| CVE-2012-0246 | 1 Ecava | 1 Integraxor | 2018-01-06 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. | |||||
| CVE-2011-4543 | 1 Oscommerce | 1 Oscommerce | 2018-01-06 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) set or (2) module parameter to (a) OM/Core/Site/Admin/Application/templates_modules/pages/info.php, (b) OM/Core/Site/Admin/Application/templates_modules/pages/edit.php, or (c) OM/Core/Site/Admin/Application/templates_modules/pages/uninstall.php; the (3) set parameter to OM/Core/Site/Admin/Application/templates_modules/pages/main.php; the module parameter to (4) OM/Core/Site/Admin/Application/modules_order_total/pages/edit.php, (5) OM/Core/Site/Admin/Application/modules_order_total/pages/uninstall.php, (6) OM/Core/Site/Admin/Application/modules_order_total/pages/info.php, (7) OM/Core/Site/Admin/Application/modules_geoip/pages/edit.php, (8) OM/Core/Site/Admin/Application/modules_geoip/pages/uninstall.php, (9) OM/Core/Site/Admin/Application/images/pages/main.php, (10) OM/Core/Site/Admin/Application/modules_shipping/pages/edit.php, or (11) OM/Core/Site/Admin/Application/modules_shipping/pages/uninstall.php; the filter parameter to (12) OM/Core/Site/Admin/Application/templates_modules_layout/pages/main.php, (13) OM/Core/Site/Admin/Application/templates_modules_layout/pages/new.php, or (14) OM/Core/Site/Admin/Application/templates_modules_layout/pages/edit.php; or the template parameter to (15) OM/Core/Site/Admin/Application/templates/pages/info.php, (16) OM/Core/Site/Admin/Application/templates/pages/edit.php, or (17) OM/Core/Site/Admin/Application/templates/pages/uninstall.php. | |||||
| CVE-2012-0365 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2018-01-04 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. | |||||
| CVE-2014-1833 | 1 Devscripts Devel Team | 1 Devscripts | 2018-01-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||||
| CVE-2014-3864 | 1 Debian | 1 Dpkg-dev | 2017-12-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. | |||||