Total: 4706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7250 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2017-09-13 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. | |||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2017-09-09 | 5.0 MEDIUM | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | |||||
| CVE-2014-9574 | 1 Fluxbb | 1 Fluxbb | 2017-09-08 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2017-09-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
| CVE-2014-10037 | 1 Domphp | 1 Domphp | 2017-09-08 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. | |||||
| CVE-2014-9452 | 1 Vdgsecurity | 1 Vdg Sense | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. | |||||
| CVE-2015-1589 | 1 Archmage Project | 1 Archmage | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file. | |||||
| CVE-2014-8727 | 1 F5 | 1 Big-ip Local Traffic Manager | 2017-09-08 | 6.2 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | |||||
| CVE-2014-9119 | 1 Db Backup Project | 1 Db Backup | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-9436 | 1 Sysaid | 1 Sysaid | 2017-09-08 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | |||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | |||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2017-09-08 | 7.5 HIGH | N/A |
| visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | |||||
| CVE-2014-6182 | 1 Ibm | 1 Business Process Manager | 2017-09-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2014-6158 | 1 Ibm | 2 Pureapplication System, Workload Deployer | 2017-09-08 | 9.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. | |||||
| CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-6149 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-6154 | 3 Ibm, Linux, Microsoft | 3 Optim Performance Manager, Linux Kernel, Windows | 2017-09-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2014-6155 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-09-08 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2017-09-08 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | |||||
| CVE-2014-6194 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2017-09-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2014-5368 | 1 Wp Content Source Control Project | 1 Wp Content Source Control | 2017-09-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. | |||||
| CVE-2015-1198 | 1 Linux-ha | 1 Ha | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | |||||
| CVE-2015-1876 | 1 Estrongs | 1 Es File Explorer | 2017-09-06 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ES File Explorer 3.2.4.1. | |||||
| CVE-2014-8163 | 1 Redhat | 1 Satellite | 2017-09-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | |||||
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ppmd 10.1-5. | |||||
| CVE-2014-8676 | 1 Soplanning | 1 Soplanning | 2017-09-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | |||||
| CVE-2016-1610 | 1 Novell | 1 Filr | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name. | |||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2017-09-03 | 5.5 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | |||||
| CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2017-7693 | 1 Riverbed | 1 Opnet App Response Xpert | 2017-09-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | |||||
| CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | |||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2017-09-01 | 6.1 MEDIUM | 5.7 MEDIUM |
| Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. | |||||
| CVE-2015-1386 | 1 Unshield Project | 1 Unshield | 2017-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in unshield 1.0-1. | |||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2017-08-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | |||||
| CVE-2017-10665 | 1 Phpgrid | 1 Phpgrid | 2017-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. | |||||
| CVE-2015-4180 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. | |||||
| CVE-2015-4181 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | |||||
| CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2017-08-30 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | |||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2017-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | |||||
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2017-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | |||||
| CVE-2014-4910 | 1 X | 1 Xf86-video-intel | 2017-08-29 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name. | |||||
| CVE-2014-3319 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | |||||
| CVE-2014-0666 | 1 Cisco | 1 Jabber | 2017-08-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | |||||
| CVE-2013-7190 | 1 Iscripts | 1 Autohoster | 2017-08-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php. | |||||
| CVE-2014-2059 | 1 Jenkins | 1 Jenkins | 2017-08-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | |||||
| CVE-2014-1698 | 1 Siemens | 1 Simatic Wincc Open Architecture | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. | |||||
| CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||||
