Vulnerabilities (CVE)

Filtered by CWE-22
Total 5713 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3324 2 Ibm, Microsoft 8 Db2, Db2 Connect, Windows 2000 and 5 more 2023-12-10 9.0 HIGH N/A
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
CVE-2012-5931 1 Microfocus 1 Privileged User Manager 2023-12-10 5.5 MEDIUM N/A
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
CVE-2011-5208 2 Backwpup, Wordpress 2 Backwpup, Wordpress 2023-12-10 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php.
CVE-2013-2979 1 Ibm 2 Infosphere Optim Performance Manager, Optim Performance Manager 2023-12-10 4.0 MEDIUM N/A
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2012-1671 1 Nicolas Tormo 1 Phppaleo 2023-12-10 6.8 MEDIUM N/A
Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
CVE-2013-4173 1 Xymon 1 Xymon 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.
CVE-2013-5021 2 Abb, Ni 5 Datamanager, Labview, Labwindows and 2 more 2023-12-10 9.3 HIGH N/A
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
CVE-2012-5344 1 Kepler Lam 1 Iptools 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
CVE-2013-0136 1 Mutiny 3 Mutiny, Mutiny Appliance, Mutiny Virtual Appliance 2023-12-10 8.5 HIGH N/A
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
CVE-2012-2968 1 Caucho 1 Resin 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request.
CVE-2013-5216 1 Capasystems 1 Performance Guard 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-2981 1 Ibm 1 Data Studio 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-3658 1 Vmware 2 Esx, Esxi 2023-12-10 9.4 HIGH N/A
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
CVE-2013-5011 1 Symantec 1 Endpoint Protection 2023-12-10 7.2 HIGH N/A
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.
CVE-2013-7240 2 Westerndeal, Wordpress 2 Advanced Dewplayer, Wordpress 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
CVE-2012-1089 1 Apache 1 Wicket 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
CVE-2013-3240 1 Phpmyadmin 1 Phpmyadmin 2023-12-10 6.5 MEDIUM N/A
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
CVE-2012-4834 1 Ibm 1 Websphere Portal 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
CVE-2013-6827 1 Pineapp 1 Mail-secure 2023-12-10 5.0 MEDIUM N/A
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
CVE-2011-5217 1 Hitachi 2 Jp1\/serverconductor\/deploymentmanager, Serverconductor\/deploymentmanager 2023-12-10 5.0 MEDIUM N/A
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors.