Search Results (9563 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4701 1 Tridium 1 Niagara Ax 2025-04-11 N/A
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.
CVE-2009-4816 1 Andy Stedemos 1 The Uploader 2025-04-11 N/A
Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2010-1659 2 Joomla, Webkul 2 Joomla\!, Com Ultimateportfolio 2025-04-11 N/A
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4815 1 Solarwinds 1 Serv-u File Server 2025-04-11 N/A
Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-0987 1 Impresscms 1 Impresscms 2025-04-11 N/A
Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter.
CVE-2011-3305 1 Cisco 2 Nac Appliance, Nac Manager 2025-04-11 N/A
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
CVE-2010-1603 2 Joomla, Zimbllc 2 Joomla\!, Com Zimbcore 2025-04-11 N/A
Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2012-0998 1 Lepton-cms 1 Lepton 2025-04-11 N/A
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
CVE-2010-1601 2 Joomla, Joomlamart 2 Joomla\!, Com Jacomment 2025-04-11 N/A
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
CVE-2009-4700 1 Skadate 1 Skadate Online Dating Software 2025-04-11 N/A
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.
CVE-2012-0898 2 Camaleo, Wordpress 2 Myeasybackup, Wordpress 2025-04-11 N/A
Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter.
CVE-2012-2744 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-04-11 N/A
net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.
CVE-2008-7254 1 Ermenegildo Fiorito 1 Irmin Cms 2025-04-11 N/A
Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) 0.5 and 0.6 BETA2, when register_globals is enabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the _Root_Path parameter. NOTE: some of these details are obtained from third party information.
CVE-2013-2900 3 Debian, Google, Microsoft 3 Debian Linux, Chrome, Windows 2025-04-11 N/A
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.
CVE-2010-3426 2 4you-studio, Joomla 2 Com Jphone, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2012-1196 1 Landesk 1 Lenovo Thinkmanagement Console 2025-04-11 N/A
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
CVE-2009-4901 2 Muscle, Redhat 3 Pcsc-lite, Certificate System, Enterprise Linux 2025-04-11 N/A
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
CVE-2010-0926 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-11 N/A
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2010-1848 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2025-04-11 N/A
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
CVE-2013-5011 1 Symantec 1 Endpoint Protection 2025-04-11 N/A
Unquoted Windows search path vulnerability in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 allows local users to gain privileges via a crafted program in the %SYSTEMDRIVE% directory.