Search Results (9553 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8211 1 Dell 1 Emc Data Protection Advisor 2025-04-20 7.5 High
EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2015-8235 1 Call-cc 1 Spiffy 2025-04-20 N/A
Directory traversal vulnerability in Spiffy before 5.4.
CVE-2016-8205 1 Brocade 1 Network Advisor 2025-04-20 N/A
A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVE-2016-8204 1 Broadcom 1 Brocade Network Advisor 2025-04-20 9.8 Critical
A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.
CVE-2016-7842 1 Hibara 1 Attachecase 2025-04-20 N/A
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
CVE-2016-7826 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
CVE-2016-7825 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
CVE-2016-10397 1 Php 1 Php 2025-04-20 N/A
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
CVE-2017-15079 1 Wpmudev 1 Smush Image Compression And Optimization 2025-04-20 N/A
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVE-2015-2856 1 Accellion 1 File Transfer Appliance 2025-04-20 N/A
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.
CVE-2016-6601 1 Zohocorp 1 Webnms Framework 2025-04-20 N/A
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
CVE-2015-1386 1 Unshield Project 1 Unshield 2025-04-20 N/A
Directory traversal vulnerability in unshield 1.0-1.
CVE-2016-10400 1 Atutor 1 Atutor 2025-04-20 N/A
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
CVE-2016-6517 1 Liferay 1 Liferay 2025-04-20 N/A
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
CVE-2014-0115 1 Apache 1 Storm 2025-04-20 N/A
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
CVE-2017-11440 1 Sitecore 1 Cms 2025-04-20 N/A
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
CVE-2017-11723 1 Xinha 1 Xinha 2025-04-20 N/A
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.
CVE-2017-12943 1 Dlink 2 Dir-600 B1, Dir-600 B1 Firmware 2025-04-20 9.8 Critical
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
CVE-2015-1199 1 Ppmd Project 1 Ppmd 2025-04-20 N/A
Directory traversal vulnerability in ppmd 10.1-5.
CVE-2016-5803 1 Ca Technologies 1 Unified Infrastructure Management 2025-04-20 N/A
An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.