Total
7417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4511 | 1 Docsys Project | 1 Docsys | 2025-04-14 | 5.3 Medium |
| A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851. | ||||
| CVE-2024-34315 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | 7.5 High |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | ||||
| CVE-2024-32163 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | 6.4 Medium |
| CMSeasy 7.7.7.9 is vulnerable to code execution. | ||||
| CVE-2023-40279 | 2 Openclinic, Openclinic Ga Project | 2 Ga, Openclinic Ga | 2025-04-14 | 7.5 High |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do. | ||||
| CVE-2023-40280 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | 7.5 High |
| An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp. | ||||
| CVE-2016-6370 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2025-04-12 | N/A |
| Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255. | ||||
| CVE-2016-6371 | 1 Cisco | 1 Hosted Collaboration Mediation Fulfillment | 2025-04-12 | N/A |
| Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | ||||
| CVE-2016-6321 | 1 Gnu | 1 Tar | 2025-04-12 | N/A |
| Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | ||||
| CVE-2016-6614 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2016-6138 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591. | ||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | N/A |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | ||||
| CVE-2016-6023 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2016-6038 | 1 Ibm | 1 Aix | 2025-04-12 | N/A |
| Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | ||||
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2025-04-12 | N/A |
| Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | ||||
| CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | ||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 11 Libarchive, Linux, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||||
| CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | ||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | ||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||