Search Results (9532 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7602 1 Bisonware 1 Bisonftp 2025-04-12 N/A
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
CVE-2015-7683 1 Font Project 1 Font 2025-04-12 N/A
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
CVE-2016-10106 1 Netgear 8 Fvs318gv2, Fvs318gv2 Firmware, Fvs318n and 5 more 2025-04-12 N/A
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the thispage parameter, as demonstrated by reading the /etc/shadow file.
CVE-2015-4031 1 Visualmining 1 Netcharts Server 2025-04-12 N/A
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2015-8358 1 Bitrix 1 Mpbuilder 2025-04-12 N/A
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
CVE-2014-6182 1 Ibm 1 Business Process Manager 2025-04-12 N/A
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVE-2015-8564 1 Joomla 1 Joomla\! 2025-04-12 N/A
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
CVE-2015-8565 1 Joomla 1 Joomla\! 2025-04-12 N/A
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8794 1 Roundcube 1 Roundcube Webmail 2025-04-12 N/A
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
CVE-2014-2933 1 Caldera 1 Caldera 2025-04-12 N/A
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
CVE-2016-1000112 1 Contussupport 1 Contus-video-comments 2025-04-12 9.1 Critical
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
CVE-2014-3865 1 Debian 1 Dpkg-dev 2025-04-12 N/A
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
CVE-2016-1145 1 Nec 1 Expresscluster X 2025-04-12 N/A
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2016-1231 3 Debian, Fedoraproject, Prosody 3 Debian Linux, Fedora, Prosody 2025-04-12 N/A
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.
CVE-2016-2572 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2872 1 Ibm 2 Qradar Security Information And Event Manager, Security Qradar Incident Forensics 2025-04-12 N/A
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2016-3972 1 Dotcms 1 Dotcms 2025-04-12 N/A
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2016-4532 1 Trihedral 1 Vtscada 2025-04-12 N/A
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.
CVE-2016-5307 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.
CVE-2014-1715 4 Apple, Google, Linux and 1 more 4 Mac Os X, Chrome, Linux Kernel and 1 more 2025-04-12 N/A
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.