Total
7391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32163 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | N/A | 6.4 MEDIUM |
| CMSeasy 7.7.7.9 is vulnerable to code execution. | |||||
| CVE-2023-40279 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. | |||||
| CVE-2023-40280 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 7.5 HIGH |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | |||||
| CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | |||||
| CVE-2015-5638 | 1 Dena | 1 H20 | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2015-7815 | 1 Matomo | 1 Matomo | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | |||||
| CVE-2014-2314 | 2 Atlassian, Microsoft | 2 Jira, Windows | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | |||||
| CVE-2015-1365 | 1 Pixabay Images Project | 1 Pixabay Images | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | |||||
| CVE-2014-5370 | 1 New Atlanta | 1 Bluedragon | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart. | |||||
| CVE-2014-3865 | 1 Debian | 1 Dpkg-dev | 2025-04-12 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. | |||||
| CVE-2015-1192 | 1 Kgb Project | 1 Kgb | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | |||||
| CVE-2014-9372 | 1 Manageengine | 1 Password Manager Pro | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. | |||||
| CVE-2014-9767 | 2 Hiphop Virtual Machine For Php Project, Php | 2 Hiphop Virtual Machine For Php, Php | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | |||||
| CVE-2015-2067 | 1 Magmi Project | 1 Magmi | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | |||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2025-04-12 | 6.1 MEDIUM | 5.7 MEDIUM |
| Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. | |||||
| CVE-2014-3914 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. | |||||
| CVE-2016-7087 | 2 Microsoft, Vmware | 2 Windows, Horizon View | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-4703 | 1 Rename Project | 1 Rename | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | |||||
| CVE-2010-5324 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. | |||||