| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account. |
| Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) 0.6 BETA2 allows remote attackers to read arbitrary files via a .. (dot dot) in the w parameter to index.php. |
| Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter. |
| Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. |
| Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
| Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors. |
| Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors. |
| Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. |
| Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. |
| Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. |
| Directory traversal vulnerability in admin/index.php in Article Friendly, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors. |
| Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. |
| Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. |
| Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. |
| Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. |
| Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. |
| Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request. |
