Export limit exceeded: 364155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9601 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5322 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. | ||||
| CVE-2013-3739 | 1 Network-weathermap | 1 .network Weathermap | 2025-04-12 | N/A |
| Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action. | ||||
| CVE-2016-2572 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | ||||
| CVE-2013-3706 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | ||||
| CVE-2015-4031 | 1 Visualmining | 1 Netcharts Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2014-2611 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | N/A |
| Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120. | ||||
| CVE-2016-4814 | 1 Gsi | 1 Old Gsi Maps | 2025-04-12 | N/A |
| Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2014-1973 | 1 Nextapp | 1 File Explorer | 2025-04-12 | N/A |
| Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. | ||||
| CVE-2015-2862 | 1 Kaseya | 1 Virtual System Administrator | 2025-04-12 | N/A |
| Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. | ||||
| CVE-2015-2860 | 1 Avigilon | 1 Avigilon Control Center | 2025-04-12 | N/A |
| Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. | ||||
| CVE-2015-3627 | 2 Docker, Redhat | 3 Docker, Libcontainer, Rhel Extras Other | 2025-04-12 | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | ||||
| CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | N/A |
| Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-4425 | 1 Pimcore | 1 Pimcore | 2025-04-12 | N/A |
| Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility. | ||||
| CVE-2015-3897 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2025-04-12 | N/A |
| Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. | ||||
| CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | ||||
| CVE-2015-4153 | 1 Zanematthew | 1 Zm Ajax Login \& Register | 2025-04-12 | N/A |
| Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. | ||||
| CVE-2013-1806 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php. | ||||
| CVE-2014-4689 | 1 Netgate | 1 Pfsense | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter. | ||||
| CVE-2014-6034 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | N/A |
| Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | ||||
| CVE-2015-4152 | 1 Elastic | 1 Logstash | 2025-04-12 | N/A |
| Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option. | ||||