Total
7410 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1434 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | |||||
| CVE-2015-4641 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. | |||||
| CVE-2016-6038 | 1 Ibm | 1 Aix | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2015-1884 | 1 Ibm | 2 Business Process Manager, Websphere | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. | |||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-3806 | 1 Vmturbo | 1 Operations Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||||
| CVE-2014-8961 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter. | |||||
| CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | |||||
| CVE-2015-5766 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||||
| CVE-2015-2970 | 1 Lemon-s Php | 1 Simple Oekaki | 2025-04-12 | 6.4 MEDIUM | N/A |
| index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter. | |||||
| CVE-2013-6303 | 1 Ibm | 1 Algo One | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-2971 | 1 Seeds | 1 Acmailer | 2025-04-12 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. | |||||
| CVE-2014-9389 | 1 Sonatype | 1 Nexus | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
| CVE-2013-5984 | 1 Microweber | 1 Microweber | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-9734 | 1 Themepunch | 1 Slider Revolution | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-8727 | 1 F5 | 1 Big-ip Local Traffic Manager | 2025-04-12 | 6.2 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | |||||
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | |||||
| CVE-2014-4384 | 1 Apple | 1 Iphone Os | 2025-04-12 | 1.9 LOW | N/A |
| Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. | |||||
| CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2025-04-12 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
| CVE-2014-9375 | 1 Lexmark | 1 Markvision Enterprise | 2025-04-12 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. | |||||