Total
5765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4831 | 1 David Azoulay | 1 Web File Browser | 2023-12-10 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action. | |||||
CVE-2010-4282 | 1 Artica | 1 Pandora Fms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. | |||||
CVE-2010-1512 | 1 Tatsuhiro Tsujikawa | 1 Aria2 | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
CVE-2009-4374 | 1 Alienvault | 1 Open Source Security Information Management | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to upload files into arbitrary directories via a .. (dot dot) in the id_document parameter. | |||||
CVE-2010-1061 | 1 Phpkobo | 1 Short Url | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2011-4835 | 1 Homeseer | 1 Homeseer Hs2 | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. | |||||
CVE-2010-1302 | 2 Decryptweb, Joomla | 2 Com Dwgraphs, Joomla\! | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | |||||
CVE-2011-3305 | 1 Cisco | 2 Nac Appliance, Nac Manager | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. | |||||
CVE-2011-1565 | 1 7t | 1 Igss | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401. | |||||
CVE-2011-4878 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2023-12-10 | 7.8 HIGH | N/A |
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. | |||||
CVE-2010-1652 | 1 Helpcenterlive | 1 Hcl | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-4714 | 1 Vvertex | 1 Muster | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL. | |||||
CVE-2010-0799 | 1 Perlunity | 1 Phpunity.newsmanager | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
CVE-2010-3203 | 2 Joomla, Xmlswf | 2 Joomla\!, Com Picsell | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. | |||||
CVE-2011-1589 | 1 Mojolicious | 1 Mojolicious | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI. | |||||
CVE-2011-2643 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. | |||||
CVE-2010-0396 | 1 Debian | 1 Dpkg | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. | |||||
CVE-2011-2167 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 6.5 MEDIUM | N/A |
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script. | |||||
CVE-2010-0989 | 1 Pulsecms | 1 Pulse Cms | 2023-12-10 | 5.5 MEDIUM | N/A |
Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter. | |||||
CVE-2011-4876 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. |