Total
7006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1000006 | 1 Recent-backups Project | 1 Recent-backups | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in recent-backups v0.7 wordpress plugin | |||||
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2013-2039 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | |||||
| CVE-2011-4722 | 1 Ipswitch | 1 Tftp Server | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation. | |||||
| CVE-2013-3993 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | 3.5 LOW | 6.5 MEDIUM |
| IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. | |||||
| CVE-2014-6095 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-1641 | 1 Quixplorer | 1 Quixplorer | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. | |||||
| CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2025-04-12 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||||
| CVE-2014-1507 | 2 Mozilla, Oracle | 2 Firefoxos, Solaris | 2025-04-12 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object. | |||||
| CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | |||||
| CVE-2014-5181 | 1 Last.fm Rotation Plugin Project | 1 Lastfm-rotation Plugin | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. | |||||
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | |||||
| CVE-2014-3127 | 1 Debian | 1 Dpkg | 2025-04-12 | 7.1 HIGH | N/A |
| dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. | |||||
| CVE-2014-4929 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. | |||||
| CVE-2014-7829 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818. | |||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2025-04-12 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | |||||
| CVE-2014-5445 | 1 Zohocorp | 2 Manageengine It360, Manageengine Netflow Analyzer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. | |||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2025-04-12 | 7.5 HIGH | N/A |
| visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||