Total
8674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2856 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | N/A |
| Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. | ||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | ||||
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2025-04-20 | N/A |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | ||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2025-04-20 | N/A |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | ||||
| CVE-2015-1386 | 1 Unshield Project | 1 Unshield | 2025-04-20 | N/A |
| Directory traversal vulnerability in unshield 1.0-1. | ||||
| CVE-2013-7462 | 1 Mcafee | 1 Saas Control Console Platform | 2025-04-20 | N/A |
| A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access restrictions via a null-byte injection exploit. | ||||
| CVE-2015-5468 | 1 Wpshopstyling | 1 Wp E-commerce Shop Styling | 2025-04-20 | N/A |
| Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. | ||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2025-04-20 | N/A |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | ||||
| CVE-2015-4074 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2025-04-20 | N/A |
| Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | ||||
| CVE-2016-8211 | 1 Dell | 1 Emc Data Protection Advisor | 2025-04-20 | 7.5 High |
| EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2016-6126 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2016-8207 | 1 Brocade | 1 Network Advisor | 2025-04-20 | N/A |
| A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | ||||
| CVE-2016-8205 | 1 Brocade | 1 Network Advisor | 2025-04-20 | N/A |
| A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. | ||||
| CVE-2016-5803 | 1 Ca Technologies | 1 Unified Infrastructure Management | 2025-04-20 | N/A |
| An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. | ||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2025-04-20 | N/A |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | ||||
| CVE-2014-8676 | 1 Soplanning | 1 Soplanning | 2025-04-20 | N/A |
| Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | ||||
| CVE-2017-9367 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | N/A |
| A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request. | ||||
| CVE-2017-9097 | 1 Hoytech | 1 Antiweb | 2025-04-20 | N/A |
| In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | ||||
| CVE-2017-7433 | 1 Micro Focus | 1 Vibe | 2025-04-20 | N/A |
| An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default). | ||||
| CVE-2015-1429 | 1 Cybelesoft | 1 Thinfinity Remote Desktop Workstation | 2025-04-20 | 7.5 High |
| Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | ||||