Total
7200 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5305 | 1 Redhat | 1 Openshift | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. | |||||
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | |||||
| CVE-2014-1836 | 1 Impresscms | 1 Impresscms | 2025-04-12 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action. | |||||
| CVE-2015-0666 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | |||||
| CVE-2015-2166 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | |||||
| CVE-2014-0780 | 1 Indusoft | 1 Web Studio | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. | |||||
| CVE-2015-4414 | 1 Se Html5 Album Audio Player Project | 1 Se Html5 Album Audio Player | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2013-5757 | 1 Yealink | 1 Sip-t38g | 2025-04-12 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx. | |||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | |||||
| CVE-2014-2059 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | |||||
| CVE-2014-0820 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-1843 | 1 Southrivertech | 1 Titan Ftp Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter. | |||||
| CVE-2013-2619 | 1 Aspen | 1 Aspen | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | |||||
| CVE-2013-5639 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | |||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | |||||
| CVE-2015-1398 | 1 Magento | 1 Magento | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the ___directive parameter to the Cms_Wysiwyg controller in the Adminhtml module, related to the blockDirective function and the auto loading mechanism. NOTE: vector 2 might not cross privilege boundaries, since administrators might already have the privileges to execute code and upload files. | |||||
| CVE-2014-5319 | 1 S-link | 1 Slfilemanager | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | |||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | |||||
| CVE-2015-1193 | 1 Pax Project | 1 Pax | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||||
| CVE-2014-4941 | 1 Cross-rss Plugin Project | 1 Wp-cross-rss | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. | |||||