Total
7850 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1490 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | ||||
| CVE-2015-1550 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | ||||
| CVE-2013-2619 | 1 Aspen | 1 Aspen | 2025-04-12 | N/A |
| Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI. | ||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2025-04-12 | N/A |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | ||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | ||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | ||||
| CVE-2015-2166 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI. | ||||
| CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2025-04-12 | N/A |
| Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | ||||
| CVE-2014-2059 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | ||||
| CVE-2015-0516 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | N/A |
| Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | ||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-04-12 | N/A |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | ||||
| CVE-2014-9282 | 1 Speed Software | 2 Explorer, Root Explorer | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename. | ||||
| CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | ||||
| CVE-2014-9512 | 3 Opensuse, Oracle, Samba | 3 Opensuse, Solaris, Rsync | 2025-04-12 | N/A |
| rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | ||||
| CVE-2015-0557 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2025-04-12 | N/A |
| Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. | ||||
| CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | N/A |
| Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | ||||
| CVE-2014-6194 | 1 Ibm | 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more | 2025-04-12 | N/A |
| Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. | ||||
| CVE-2014-6182 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | ||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2025-04-12 | N/A |
| visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | ||||
| CVE-2014-5393 | 1 Sos | 1 Jobscheduler | 2025-04-12 | N/A |
| Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | ||||