Total
7432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2313 | 1 Anodyne-productions | 1 Simm Management System | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Anodyne Productions SIMM Management System (SMS) 2.6.10, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4880 | 1 Atvise | 1 Webmi2ads | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request. | |||||
| CVE-2010-4835 | 1 Oneorzero | 1 Aims | 2025-04-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action. | |||||
| CVE-2012-2421 | 2 Intuit, Microsoft | 2 Quickbooks, Internet Explorer | 2025-04-11 | 1.8 LOW | N/A |
| Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. | |||||
| CVE-2010-1474 | 2 Joomla, Supachai Teasakul | 2 Joomla\!, Com Sweetykeeper | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2011-3848 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25. | |||||
| CVE-2011-4122 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 6.9 MEDIUM | N/A |
| Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. | |||||
| CVE-2012-0697 | 1 Hp | 1 Storageworks P2000 G3 Msa | 2025-04-11 | 10.0 HIGH | N/A |
| HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. | |||||
| CVE-2010-1219 | 2 Com Janews, Joomla | 2 Com Janews, Joomla | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0982 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Cartweberp | 2025-04-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2011-3229 | 1 Apple | 1 Safari | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | |||||
| CVE-2007-6736 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. | |||||
| CVE-2010-5281 | 1 Net4visions | 1 Ibrowser | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-3588 | 1 Wordpress | 2 Plugin Newsletter Plugin, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. | |||||
| CVE-2010-1491 | 2 Joomla, Mms.pipp | 2 Joomla\!, Com Mmsblog | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2009-4645 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-11 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2011-4788 | 1 Hp | 3 Storageworks P2000 G3 Msa Fc\/iscsi Dual Combo Controller Lff Array System, Storageworks P2000 G3 Msa Fibre Channel Dual Controller Lff Array System, Storageworks P2000 G3 Msa Fibre Channel Dual Controller Sff Array System | 2025-04-11 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI. | |||||
| CVE-2013-4315 | 1 Djangoproject | 1 Django | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. | |||||
| CVE-2014-0830 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname. | |||||
| CVE-2010-0926 | 1 Samba | 1 Samba | 2025-04-11 | 3.5 LOW | N/A |
| The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options. | |||||