Search Results (9581 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-5273 1 Gplhost 1 Domain Technologie Control 2025-04-12 N/A
Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.
CVE-2014-6149 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2025-04-12 N/A
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2016-1145 1 Nec 1 Expresscluster X 2025-04-12 N/A
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-1973 1 Nextapp 1 File Explorer 2025-04-12 N/A
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
CVE-2014-2536 2 Intel, Mcafee 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On 2025-04-12 N/A
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.
CVE-2015-8926 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2025-04-12 N/A
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2011-4367 1 Apache 1 Myfaces 2025-04-12 7.5 High
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
CVE-2014-4384 1 Apple 1 Iphone Os 2025-04-12 N/A
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle.
CVE-2014-5006 1 Zohocorp 1 Manageengine Desktop Central 2025-04-12 N/A
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
CVE-2015-8925 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2025-04-12 N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2015-4988 1 Ibm 1 Tealeaf Customer Experience 2025-04-12 N/A
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-6665 1 Phpmoneybooks 1 Phpmoneybooks 2025-04-12 N/A
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2015-4546 1 Emc 2 Rsa Certificate Manager, Rsa Onestep 2025-04-12 N/A
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
CVE-2019-25073 1 Goa.design 1 Goa 2025-04-11 7.5 High
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
CVE-2018-25046 1 Cloudfoundry 1 Archiver 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2024-57549 1 Cmsimple 1 Cmsimple 2025-04-11 7.5 High
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.
CVE-2022-44564 1 Huawei 2 Aslan-al10, Aslan-al10 Firmware 2025-04-11 7.8 High
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources.
CVE-2020-36566 1 Tar-utils Project 1 Tar-utils 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36561 1 Unzip Project 1 Unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36560 1 Go-unzip Project 1 Go-unzip 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.