Total
7268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5970 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2015-4031 | 1 Visualmining | 1 Netcharts Server | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. | |||||
| CVE-2014-8360 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | |||||
| CVE-2014-9461 | 1 Reality66 | 1 Cart66 Lite | 2025-04-12 | 3.5 LOW | N/A |
| Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. | |||||
| CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | |||||
| CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | |||||
| CVE-2015-5149 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp. | |||||
| CVE-2014-4910 | 1 X | 1 Xf86-video-intel | 2025-04-12 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name. | |||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2025-04-12 | 6.4 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | |||||
| CVE-2014-3127 | 1 Debian | 1 Dpkg | 2025-04-12 | 7.1 HIGH | N/A |
| dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. | |||||
| CVE-2015-5766 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||||
| CVE-2014-2611 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120. | |||||
| CVE-2014-8019 | 1 Cisco | 1 Enterprise Content Delivery System | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. | |||||
| CVE-2014-2279 | 1 Seeddms | 1 Seeddms | 2025-04-12 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278. | |||||
| CVE-2014-2846 | 1 Westerndigital | 1 Arkeia Virtual Appliance Firmware | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. | |||||
| CVE-2014-2626 | 1 Hp | 1 Network Virtualization | 2025-04-12 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | |||||
| CVE-2014-1442 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | |||||
| CVE-2015-1550 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | |||||
| CVE-2013-6303 | 1 Ibm | 1 Algo One | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-9767 | 2 Hiphop Virtual Machine For Php Project, Php | 2 Hiphop Virtual Machine For Php, Php | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | |||||