Search Results (9607 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6304 1 Ibm 2 Algo One, Algo Risk Application 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
CVE-2015-4289 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-12 N/A
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
CVE-2013-6303 1 Ibm 1 Algo One 2025-04-12 N/A
Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2014-2846 1 Westerndigital 1 Arkeia Virtual Appliance Firmware 2025-04-12 N/A
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.
CVE-2014-3225 1 Cobblerd 1 Cobbler 2025-04-12 N/A
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
CVE-2015-4425 1 Pimcore 1 Pimcore 2025-04-12 N/A
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
CVE-2015-4641 2 Samsung, Swiftkey 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more 2025-04-12 N/A
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.
CVE-2012-5242 1 Bananadance 1 Banana Dance 2025-04-12 N/A
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
CVE-2013-5655 1 Xiaowen Huang 1 Yingzhi Python Programming Language 2025-04-12 N/A
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.
CVE-2014-3535 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.
CVE-2016-9950 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2025-04-12 N/A
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
CVE-2014-3618 3 Canonical, Procmail, Redhat 3 Ubuntu Linux, Procmail, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
CVE-2014-3777 1 Reportico 1 Php Report Designer 2025-04-12 N/A
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
CVE-2014-3806 1 Vmturbo 1 Operations Manager 2025-04-12 N/A
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
CVE-2016-4004 1 Dell 1 Openmanage Server Administrator 2025-04-12 N/A
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
CVE-2014-6182 1 Ibm 1 Business Process Manager 2025-04-12 N/A
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2014-3864 1 Debian 1 Dpkg-dev 2025-04-12 N/A
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
CVE-2014-2314 2 Atlassian, Microsoft 2 Jira, Windows 2025-04-12 N/A
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2015-4703 1 Rename Project 1 Rename 2025-04-12 N/A
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter.
CVE-2014-2313 2 Atlassian, Microsoft 2 Jira, Windows 2025-04-12 N/A
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.