Total
8098 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2025-04-12 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | |||||
| CVE-2015-8565 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2015-5305 | 1 Redhat | 1 Openshift | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. | |||||
| CVE-2014-3227 | 1 Debian | 1 Dpkg | 2025-04-12 | 6.4 MEDIUM | N/A |
| dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program. | |||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | |||||
| CVE-2014-6149 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-1442 | 1 Coreftp | 1 Core Ftp | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command. | |||||
| CVE-2014-0358 | 1 Xangati | 2 Xangati Software Release, Xangati Xnr | 2025-04-12 | 7.8 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData. | |||||
| CVE-2014-5368 | 1 Wp Content Source Control Project | 1 Wp Content Source Control | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. | |||||
| CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. | |||||
| CVE-2014-4941 | 1 Cross-rss Plugin Project | 1 Wp-cross-rss | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. | |||||
| CVE-2016-1192 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | |||||
| CVE-2014-5115 | 1 Dirphp Project | 1 Dirphp | 2025-04-12 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | |||||
| CVE-2015-0516 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2014-9181 | 1 Plex | 1 Media Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||
| CVE-2016-9199 | 1 Cisco | 1 Iox | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Affected Products: This vulnerability affects specific releases of the Cisco IOx subsystem of Cisco IOS and IOS XE Software. More Information: CSCvb23331. Known Affected Releases: 15.2(6.0.57i)E CAF-1.1.0.0. | |||||
| CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2025-04-12 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | |||||