Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3922 1 Gummybearstudios 1 Ftp Drive \+ Http Server 2025-04-11 N/A
Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.
CVE-2009-4665 1 Cutesoft Components 1 Cute Editor For Asp.net 2025-04-11 N/A
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2011-4804 2 Foobla, Joomla 2 Com Obsuggest, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-4282 1 Artica 1 Pandora Fms 2025-04-11 N/A
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
CVE-2012-6324 1 Vmware 1 Vcenter Server Appliance 2025-04-11 N/A
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2011-4800 1 Solarwinds 1 Serv-u File Server 2025-04-11 N/A
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
CVE-2013-2117 2 Jason A Donenfeld, Lars Hjemli 2 Cgit, Cgit 2025-04-11 N/A
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
CVE-2013-3626 1 Attachmate 1 Verastream Host Integrator 2025-04-11 N/A
Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message.
CVE-2010-2920 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2012-5380 1 Ruby-lang 1 Ruby 2025-04-11 6.7 Medium
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
CVE-2012-6495 1 Moinmo 1 Moinmoin 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
CVE-2009-4986 1 In-portal 1 In-portal 2025-04-11 N/A
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter.
CVE-2009-5093 1 Php4scripte 1 Gastebuch 2025-04-11 N/A
Directory traversal vulnerability in gastbuch.php in Gästebuch (Gastebuch) 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.
CVE-2013-5534 1 Cisco 1 Unity Connection 2025-04-11 N/A
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
CVE-2012-0294 1 Symantec 1 Endpoint Protection 2025-04-11 N/A
Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.
CVE-2013-3650 1 Lockon 1 Ec-cube 2025-04-11 N/A
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via vectors involving the image parameter to resize_image.php, a different vulnerability than CVE-2013-3654.
CVE-2010-0287 1 Dokuwiki 1 Dokuwiki 2025-04-11 N/A
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
CVE-2001-1586 1 Analogx 1 Simpleserver Www 2025-04-11 N/A
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
CVE-2010-4798 1 Orangehrm 1 Orangehrm 2025-04-11 N/A
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter.
CVE-2010-4598 1 Ecava 1 Integraxor 2025-04-11 N/A
Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file_name parameter in an open request.