Total
7005 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 8.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. | |||||
| CVE-2014-2863 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | |||||
| CVE-2013-3514 | 1 Openx | 1 Openx | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files. | |||||
| CVE-2014-1442 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | |||||
| CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/. | |||||
| CVE-2015-3939 | 1 Ids | 3 Ids Rtu 850c, Nc854, Nc856 | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. | |||||
| CVE-2014-3777 | 1 Reportico | 1 Php Report Designer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter. | |||||
| CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
| Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp." | |||||
| CVE-2012-1669 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2015-1195 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | 6.5 MEDIUM | N/A |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. | |||||
| CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | |||||
| CVE-2013-6304 | 1 Ibm | 2 Algo One, Algo Risk Application | 2025-04-12 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||||
| CVE-2011-4367 | 1 Apache | 1 Myfaces | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. | |||||
| CVE-2014-4689 | 1 Netgate | 1 Pfsense | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. | |||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | |||||
| CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | |||||
| CVE-2014-2583 | 1 Linux-pam | 1 Linux-pam | 2025-04-12 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. | |||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-5350 | 1 Bitdefender | 1 Gravityzone | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server. | |||||
| CVE-2014-6149 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||