Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2304 | 3 Canonical, Libarchive, Opensuse | 3 Ubuntu Linux, Libarchive, Opensuse | 2023-11-07 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | |||||
| CVE-2015-1493 | 1 Moodle | 1 Moodle | 2023-11-07 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | |||||
| CVE-2015-0781 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors. | |||||
| CVE-2015-0779 | 1 Novell | 1 Zenworks Configuration Management | 2023-11-07 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. | |||||
| CVE-2014-7951 | 1 Google | 1 Android | 2023-11-07 | 2.1 LOW | 4.6 MEDIUM |
| Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2023-11-07 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||
| CVE-2014-1707 | 1 Google | 1 Chrome Os | 2023-11-07 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. | |||||
| CVE-2014-1715 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2023-11-07 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. | |||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | |||||
| CVE-2014-0115 | 1 Apache | 1 Storm | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. | |||||
| CVE-2013-6397 | 1 Apache | 1 Solr | 2023-11-07 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | |||||
| CVE-2013-5979 | 1 Springsignage | 1 Xibo | 2023-11-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. | |||||
| CVE-2013-5021 | 2 Abb, Ni | 5 Datamanager, Labview, Labwindows and 2 more | 2023-11-07 | 9.3 HIGH | N/A |
| Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value. | |||||
| CVE-2013-2900 | 3 Debian, Google, Microsoft | 3 Debian Linux, Chrome, Windows | 2023-11-07 | 7.5 HIGH | N/A |
| The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. | |||||
| CVE-2013-0911 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases. | |||||
| CVE-2013-0895 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. | |||||
| CVE-2013-0831 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-11-07 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process. | |||||
| CVE-2012-4506 | 2 Gitolite, Sitaram Chamarty | 2 Gitolite, Gitolite | 2023-11-07 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in gitolite 3.x before 3.1, when wild card repositories and a pattern matching "../" are enabled, allows remote authenticated users to create arbitrary repositories and possibly perform other actions via a .. (dot dot) in a repository name. | |||||
| CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2023-11-07 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/. | |||||
| CVE-2011-3602 | 1 Litech | 1 Router Advertisement Daemon | 2023-11-07 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files. | |||||