Total
7198 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4532 | 1 Trihedral | 1 Vtscada | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2013-5655 | 1 Xiaowen Huang | 1 Yingzhi Python Programming Language | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI. | |||||
| CVE-2014-1973 | 1 Nextapp | 1 File Explorer | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | |||||
| CVE-2014-5005 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate. | |||||
| CVE-2015-5662 | 1 Avast | 1 Avast Antivirus | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | |||||
| CVE-2014-4577 | 1 Websupporter | 1 Wp Amasin - The Amazon Affiliate Shop | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. | |||||
| CVE-2014-6158 | 1 Ibm | 2 Pureapplication System, Workload Deployer | 2025-04-12 | 9.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component. | |||||
| CVE-2015-2995 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 6.8 MEDIUM | N/A |
| The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | |||||
| CVE-2015-8358 | 1 Bitrix | 1 Mpbuilder | 2025-04-12 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | |||||
| CVE-2015-0867 | 1 Synck Graphica | 1 Download Log Cgi | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | |||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | |||||
| CVE-2016-1605 | 1 Netiq | 1 Sentinel | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field. | |||||
| CVE-2015-7037 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | |||||
| CVE-2016-9878 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | |||||
| CVE-2016-10106 | 1 Netgear | 8 Fvs318gv2, Fvs318gv2 Firmware, Fvs318n and 5 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file. | |||||
| CVE-2016-5049 | 1 Readydesk | 1 Readydesk | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter. | |||||
| CVE-2014-2279 | 1 Seeddms | 1 Seeddms | 2025-04-12 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278. | |||||
| CVE-2016-3972 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 4.0 MEDIUM | 2.7 LOW |
| Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
| CVE-2015-7254 | 1 Huawei | 3 Hg532e, Hg532n, Hg532s | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||||