Total
8497 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4867 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. | |||||
| CVE-2010-1110 | 1 Djayp | 1 Phpmysport | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpMySport 1.4 allows remote attackers to list arbitrary directories via a .. (dot dot) in the current_folder parameter. | |||||
| CVE-2010-2037 | 2 Joomla, Percha | 2 Joomla\!, Com Perchadownloadsattach | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-2269 | 1 Accoria | 1 Rock Web Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2009-4626 | 1 Phpnagios | 1 Phpnagios | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the conf[lang] parameter. | |||||
| CVE-2010-1466 | 1 Francois Raynaud | 1 Openurgence Vaccin | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter. | |||||
| CVE-2010-1313 | 2 Joomla, Seber | 2 Joomla\!, Com Sebercart | 2025-04-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0232 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2025-04-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. | |||||
| CVE-2012-1196 | 1 Landesk | 1 Lenovo Thinkmanagement Console | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. | |||||
| CVE-2012-6080 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name. | |||||
| CVE-2010-1531 | 2 Joomla, Redcomponent | 2 Joomla\!, Com Redshop | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | |||||
| CVE-2012-4834 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI. | |||||
| CVE-2013-6023 | 1 Tvt | 2 Dvr, Dvr Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI. | |||||
| CVE-2010-0942 | 2 Joomla, Jvideodirect | 2 Joomla\!, Com Jvideodirect | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2013-3922 | 1 Gummybearstudios | 1 Ftp Drive \+ Http Server | 2025-04-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. | |||||
| CVE-2010-0760 | 2 Greatjoomla, Joomla | 2 Scriptegrator Plugin, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-1839 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2022-4779 | 1 Elvexys | 1 Streamx | 2025-04-10 | N/A | 7.5 HIGH |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | |||||
| CVE-2023-5505 | 1 Inpsyde | 1 Backwpup | 2025-04-10 | N/A | 6.8 MEDIUM |
| The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | |||||
| CVE-2024-3195 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311. | |||||