Total
7421 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2025-04-12 | N/A |
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | ||||
CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2025-04-12 | N/A |
Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | ||||
CVE-2015-0867 | 1 Synck Graphica | 1 Download Log Cgi | 2025-04-12 | N/A |
Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | ||||
CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2025-04-12 | N/A |
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | ||||
CVE-2013-1604 | 1 Maygion | 1 Ip Camera Firmware | 2025-04-12 | N/A |
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | ||||
CVE-2015-0171 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | N/A |
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors. | ||||
CVE-2013-2619 | 1 Aspen | 1 Aspen | 2025-04-12 | N/A |
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | ||||
CVE-2014-9734 | 1 Themepunch | 1 Slider Revolution | 2025-04-12 | N/A |
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. | ||||
CVE-2014-9767 | 3 Hiphop Virtual Machine For Php Project, Php, Redhat | 3 Hiphop Virtual Machine For Php, Php, Rhel Software Collections | 2025-04-12 | N/A |
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. | ||||
CVE-2014-100002 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2025-04-12 | N/A |
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket. | ||||
CVE-2015-0480 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-12 | N/A |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. | ||||
CVE-2013-6221 | 1 Hp | 1 Service Virtualization | 2025-04-12 | N/A |
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031. | ||||
CVE-2015-8799 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 7.6 High |
Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to write update-package data to arbitrary agent locations via unspecified vectors. | ||||
CVE-2016-0709 | 1 Apache | 1 Jetspeed | 2025-04-12 | N/A |
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp." | ||||
CVE-2015-0550 | 1 Emc | 1 Documentum Thumbnail Server | 2025-04-12 | N/A |
Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. | ||||
CVE-2015-3648 | 1 Montala | 1 Resourcespace | 2025-04-12 | N/A |
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. | ||||
CVE-2014-9436 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | ||||
CVE-2014-9447 | 2 Elfutils Project, Redhat | 2 Elfutils, Enterprise Linux | 2025-04-12 | N/A |
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | ||||
CVE-2014-9389 | 1 Sonatype | 1 Nexus | 2025-04-12 | N/A |
Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. | ||||
CVE-2014-9373 | 1 Manageengine | 1 Netflow Analyzer | 2025-04-12 | N/A |
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename. |