Search Results (9586 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4031 1 Visualmining 1 Netcharts Server 2025-04-12 N/A
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2014-6036 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2025-04-12 N/A
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2014-5465 1 Werdswords 1 Download Shortcode 2025-04-12 N/A
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2013-5757 1 Yealink 1 Sip-t38g 2025-04-12 N/A
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
CVE-2014-4941 1 Cross-rss Plugin Project 1 Wp-cross-rss 2025-04-12 N/A
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
CVE-2014-3127 1 Debian 1 Dpkg 2025-04-12 N/A
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
CVE-2014-6095 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-2289 1 Iconics 1 Webhmi 2025-04-12 N/A
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
CVE-2016-5970 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2025-04-12 N/A
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2015-0984 1 Honeywell 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more 2025-04-12 N/A
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
CVE-2015-0550 1 Emc 1 Documentum Thumbnail Server 2025-04-12 N/A
Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors.
CVE-2014-8360 1 Glpi-project 1 Glpi 2025-04-12 N/A
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.
CVE-2014-6308 1 Osclass 1 Osclass 2025-04-12 N/A
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
CVE-2014-7816 2 Microsoft, Redhat 2 Windows, Undertow 2025-04-12 N/A
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2015-5345 4 Apache, Canonical, Debian and 1 more 5 Tomcat, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
CVE-2016-5765 1 Microfocus 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more 2025-04-12 N/A
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14.
CVE-2015-5471 1 Swim Team Project 1 Swim Team 2025-04-12 N/A
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
CVE-2014-8019 1 Cisco 1 Enterprise Content Delivery System 2025-04-12 N/A
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
CVE-2014-0471 2 Canonical, Debian 2 Ubuntu Linux, Dpkg 2025-04-12 N/A
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
CVE-2014-8555 1 Progress 1 Openedge 2025-04-12 N/A
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.