Total
7284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | |||||
| CVE-2014-7866 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet. | |||||
| CVE-2014-5319 | 1 S-link | 1 Slfilemanager | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | |||||
| CVE-2015-7603 | 1 Konicaminolta | 1 Ftp Utility | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command. | |||||
| CVE-2016-8343 | 1 Indasengineering | 1 Web Scada | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2012-4920 | 2 Wordpress, Zingiri | 2 Wordpress, Forums | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php. | |||||
| CVE-2016-10039 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | |||||
| CVE-2013-3004 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | 3.5 LOW | N/A |
| Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-8659 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-4425 | 1 Pimcore | 1 Pimcore | 2025-04-12 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. | |||||
| CVE-2014-4690 | 1 Netgate | 1 Pfsense | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in pfSense before 2.1.4 allow (1) remote attackers to read arbitrary .info files via a crafted path in the pkg parameter to pkg_mgr_install.php and allow (2) remote authenticated users to read arbitrary files via the downloadbackup parameter to system_firmware_restorefullbackup.php. | |||||
| CVE-2014-6155 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-6037 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072. | |||||
| CVE-2014-5393 | 1 Sos | 1 Jobscheduler | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | |||||
| CVE-2015-1589 | 1 Archmage Project | 1 Archmage | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file. | |||||
| CVE-2014-1842 | 1 Southrivertech | 1 Titan Ftp Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value. | |||||
| CVE-2014-2864 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | |||||
| CVE-2016-1593 | 1 Novell | 1 Service Desk | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. | |||||
| CVE-2014-4306 | 1 Webtitan | 1 Webtitan | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||||
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||