Total
7417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | N/A |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | ||||
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2025-04-12 | N/A |
| Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. | ||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | N/A |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | ||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 11 Libarchive, Linux, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||||
| CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||||
| CVE-2016-5098 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-12 | N/A |
| Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. | ||||
| CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | ||||
| CVE-2016-5092 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | N/A |
| Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. | ||||
| CVE-2016-5049 | 1 Readydesk | 1 Readydesk | 2025-04-12 | N/A |
| Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter. | ||||
| CVE-2016-4532 | 1 Trihedral | 1 Vtscada | 2025-04-12 | N/A |
| Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | ||||
| CVE-2016-4814 | 1 Gsi | 1 Old Gsi Maps | 2025-04-12 | N/A |
| Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-6321 | 1 Gnu | 1 Tar | 2025-04-12 | N/A |
| Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. | ||||
| CVE-2008-3277 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2025-04-12 | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. | ||||
| CVE-2016-4815 | 1 Buffalo | 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more | 2025-04-12 | N/A |
| Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-3972 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | ||||
| CVE-2016-3088 | 2 Apache, Redhat | 3 Activemq, Jboss Amq, Jboss Fuse | 2025-04-12 | 9.8 Critical |
| The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | ||||
| CVE-2016-2872 | 1 Ibm | 2 Qradar Security Information And Event Manager, Security Qradar Incident Forensics | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2016-2933 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | ||||
| CVE-2016-2389 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978. | ||||