Total
5817 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0358 | 1 Xangati | 2 Xangati Software Release, Xangati Xnr | 2023-12-10 | 7.8 HIGH | N/A |
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData. | |||||
CVE-2014-3865 | 1 Debian | 1 Dpkg-dev | 2023-12-10 | 6.4 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. | |||||
CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
CVE-2014-4937 | 1 Bookx Plugin Project | 1 Bookx | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
CVE-2014-4689 | 1 Netgate | 1 Pfsense | 2023-12-10 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. | |||||
CVE-2014-1969 | 1 Apps4u\@android | 1 Sd Card Manager | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | |||||
CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | |||||
CVE-2013-6304 | 1 Ibm | 2 Algo One, Algo Risk Application | 2023-12-10 | 4.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file. | |||||
CVE-2014-0666 | 1 Cisco | 1 Jabber | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | |||||
CVE-2015-0933 | 1 Sharelatex | 1 Sharelatex | 2023-12-10 | 3.5 LOW | N/A |
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command. | |||||
CVE-2014-3578 | 1 Pivotal Software | 1 Spring Framework | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. | |||||
CVE-2013-3739 | 1 Network-weathermap | 1 .network Weathermap | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action. | |||||
CVE-2014-1715 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. | |||||
CVE-2015-2775 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Mailman and 1 more | 2023-12-10 | 7.6 HIGH | N/A |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |||||
CVE-2014-6036 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2023-12-10 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
CVE-2014-4929 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. | |||||
CVE-2014-9461 | 1 Reality66 | 1 Cart66 Lite | 2023-12-10 | 3.5 LOW | N/A |
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php. | |||||
CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2023-12-10 | 6.5 MEDIUM | N/A |
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/. | |||||
CVE-2014-1833 | 1 Devscripts Devel Team | 1 Devscripts | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. |