Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2279 | 1 Seeddms | 1 Seeddms | 2017-08-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278. | |||||
| CVE-2014-3340 | 1 Cisco | 1 Webex Meetmenow | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. | |||||
| CVE-2014-0809 | 1 Gapless Player | 1 Simzip | 2017-08-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||||
| CVE-2014-0830 | 1 Ibm | 1 Financial Transaction Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | |||||
| CVE-2013-6987 | 1 Synology | 1 Diskstation Manager | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/. | |||||
| CVE-2014-3317 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | |||||
| CVE-2014-4384 | 1 Apple | 1 Iphone Os | 2017-08-29 | 1.9 LOW | N/A |
| Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | |||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
| CVE-2013-7300 | 1 Craig Drummond | 1 Cantata | 2017-08-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301. | |||||
| CVE-2014-0918 | 1 Ibm | 1 Websphere Portal | 2017-08-29 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2014-1907 | 2 Videowhisper, Wordpress | 2 Live Streaming Integration Plugin, Wordpress | 2017-08-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php. | |||||
| CVE-2013-6720 | 1 Ibm | 1 Tealeaf Cx | 2017-08-29 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file. | |||||
| CVE-2013-1604 | 1 Maygion | 1 Ip Camera Firmware | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||||
| CVE-2013-1641 | 1 Quixplorer | 1 Quixplorer | 2017-08-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. | |||||
| CVE-2013-2619 | 1 Aspen | 1 Aspen | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | |||||
| CVE-2013-3042 | 1 Ibm | 2 Rational Software Architect Design Manager, Rhapsody Design Manager | 2017-08-29 | 2.1 LOW | N/A |
| Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. | |||||
| CVE-2013-2978 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 2.1 LOW | N/A |
| Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988. | |||||
| CVE-2013-2979 | 1 Ibm | 2 Infosphere Optim Performance Manager, Optim Performance Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2013-2981 | 1 Ibm | 1 Data Studio | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3043 | 1 Ibm | 2 Rational Software Architect Design Manager, Rhapsody Design Manager | 2017-08-29 | 2.1 LOW | N/A |
| Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. | |||||
| CVE-2013-2984 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. | |||||
| CVE-2013-2988 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978. | |||||
| CVE-2013-3004 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-08-29 | 3.5 LOW | N/A |
| Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3429 | 1 Cisco | 1 Video Surveillance Manager | 2017-08-29 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163. | |||||
| CVE-2013-3457 | 1 Cisco | 1 Finesse | 2017-08-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772. | |||||
| CVE-2013-0544 | 2 Ibm, Linux | 2 Websphere Application Server, Linux Kernel | 2017-08-29 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors. | |||||
| CVE-2013-3921 | 1 Easytimestudio | 1 Easy File Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI. | |||||
| CVE-2013-3922 | 1 Gummybearstudios | 1 Ftp Drive \+ Http Server | 2017-08-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||||
| CVE-2013-3923 | 1 Savysoda | 1 Wifi Free Hd | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||||
| CVE-2013-4054 | 1 Ibm | 1 Websphere Mq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||||
| CVE-2013-4413 | 2 Ruby-lang, Schneems | 2 Ruby, Wicked | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step. | |||||
| CVE-2013-5011 | 1 Symantec | 1 Endpoint Protection | 2017-08-29 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory. | |||||
| CVE-2013-5301 | 1 Trustport | 1 Webfilter | 2017-08-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. | |||||
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-6226 | 1 Ajaxplorer | 1 Ajaxplorer | 2017-08-29 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. | |||||
| CVE-2013-6303 | 1 Ibm | 1 Algo One | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-6304 | 1 Ibm | 2 Algo One, Algo Risk Application | 2017-08-29 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||||
| CVE-2012-5335 | 1 Saurabh Gupta | 1 Tiny Server | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request. | |||||
| CVE-2012-5687 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2017-08-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. | |||||
| CVE-2012-5641 | 2 Apache, Mochiweb Project | 2 Couchdb, Mochiweb | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | |||||
| CVE-2012-5907 | 1 Tomatocart | 1 Tomatocart | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action. | |||||
| CVE-2012-5331 | 1 Nasir Khan | 1 Asaancart | 2017-08-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in asaanCart 0.9 allows remote attackers to include arbitrary local files via a .. (dot dot) in the page parameter to index.php. | |||||
| CVE-2012-6522 | 1 W-cms | 1 W-cms | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-5171 | 1 Be-graph | 1 Bezip | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. | |||||
| CVE-2012-5100 | 1 Luizpicanco | 1 Hserver | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO. | |||||
| CVE-2012-4997 | 1 Anecms | 1 Anecms | 2017-08-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter. | |||||
| CVE-2012-6038 | 1 Razorcms | 1 Razorcms | 2017-08-29 | 6.5 MEDIUM | N/A |
| admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal." | |||||
| CVE-2012-4920 | 2 Wordpress, Zingiri | 2 Wordpress, Forums | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php. | |||||
| CVE-2012-4915 | 2 Davistribe, Wordpress | 2 Google Doc Embedder, Wordpress | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php. | |||||
| CVE-2012-4878 | 1 Flatnux | 1 Flatnux | 2017-08-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. | |||||