Total
7313 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-10010 | 1 Phpjabbers | 1 Appointment Scheduler | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. | |||||
| CVE-2015-4988 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | |||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2025-04-12 | 6.1 MEDIUM | 5.7 MEDIUM |
| Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. | |||||
| CVE-2012-1669 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2015-0016 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." | |||||
| CVE-2015-7250 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. | |||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-2619 | 1 Aspen | 1 Aspen | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | |||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 6.6 MEDIUM | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | |||||
| CVE-2016-9878 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | |||||
| CVE-2014-8799 | 1 Dukapress | 1 Dukapress | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. | |||||
| CVE-2013-6221 | 1 Hp | 1 Service Virtualization | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031. | |||||
| CVE-2014-2059 | 1 Jenkins | 1 Jenkins | 2025-04-12 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | |||||
| CVE-2013-2039 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | |||||
| CVE-2015-3035 | 1 Tp-link | 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||||
| CVE-2014-2732 | 1 Siemens | 1 Sinema Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | |||||
| CVE-2015-3939 | 1 Ids | 3 Ids Rtu 850c, Nc854, Nc856 | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows remote authenticated users to read arbitrary files via unspecified vectors involving an internal web server, as demonstrated by reading a TELNET credentials file. | |||||
| CVE-2015-5174 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | |||||
| CVE-2015-2966 | 1 Droidwareuk | 1 Explorer\+ File Manager | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | |||||