Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9539 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7169 1 Wordpress 1 Wordpress 2025-04-12 N/A
Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.
CVE-2014-3227 1 Debian 1 Dpkg 2025-04-12 N/A
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
CVE-2015-1000005 1 Candidate-application-form Project 1 Candidate-application-form 2025-04-12 N/A
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
CVE-2014-3609 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
CVE-2015-4616 1 Easy2map Project 1 Easy2map 2025-04-12 N/A
Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. (dot dot) in the map_id parameter.
CVE-2014-3340 1 Cisco 1 Webex Meetmenow 2025-04-12 N/A
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.
CVE-2014-6222 1 Ibm 1 Marketing Operations 2025-04-12 N/A
Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2014-2314 2 Atlassian, Microsoft 2 Jira, Windows 2025-04-12 N/A
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2015-0906 1 Lhaplus 1 Lhaplus 2025-04-12 N/A
Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.
CVE-2014-3604 2 Not Yet Commons Ssl Project, Redhat 2 Not Yet Commons Ssl, Jboss Enterprise Soa Platform 2025-04-12 N/A
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-3806 1 Vmturbo 1 Operations Manager 2025-04-12 N/A
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
CVE-2015-3897 1 Bonitasoft 1 Bonita Bpm Portal 2025-04-12 N/A
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
CVE-2015-5662 1 Avast 1 Avast Antivirus 2025-04-12 N/A
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
CVE-2015-0878 1 Almail 1 Al-mail32 2025-04-12 N/A
Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment.
CVE-2015-2166 1 Ericsson 1 Drutt Mobile Service Delivery Platform 2025-04-12 N/A
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
CVE-2014-3460 1 Microfocus 2 Sentinel, Sentinel Agent Manager 2025-04-12 N/A
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
CVE-2015-8919 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
CVE-2015-8920 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CVE-2015-8921 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8925 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2025-04-12 N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.