Total: 6658 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0880 | 2 Ibm, Microsoft | 2 Director, Windows | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | |||||
| CVE-2009-0640 | 1 Swannsecurity | 1 Dvr4-securanet | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the administrative web server in Swann DVR4-SecuraNet allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by reading the vy_netman.cfg file that contains passwords. | |||||
| CVE-2018-15140 | 1 Open-emr | 1 Openemr | 2018-10-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter when the mode is set to get. | |||||
| CVE-2018-15142 | 1 Open-emr | 1 Openemr | 2018-10-10 | 6.5 MEDIUM | 8.8 HIGH |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | |||||
| CVE-2018-15141 | 1 Open-emr | 1 Openemr | 2018-10-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid" parameter when the mode is set to delete. | |||||
| CVE-2018-7098 | 1 Hp | 1 3par Service Provider | 2018-10-10 | 3.6 LOW | 8.4 HIGH |
| A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. | |||||
| CVE-2017-12815 | 1 Bomgar | 1 Remote Support | 2018-10-09 | 10.0 HIGH | 10.0 CRITICAL |
| Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet. | |||||
| CVE-2016-4313 | 1 Extplorer | 1 Extplorer | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | |||||
| CVE-2016-6600 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. | |||||
| CVE-2016-7135 | 1 Plone | 1 Plone | 2018-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions. | |||||
| CVE-2016-4314 | 1 Wso2 | 1 Carbon | 2018-10-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp. | |||||
| CVE-2016-1525 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2018-10-09 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter. | |||||
| CVE-2016-3151 | 1 Barco | 6 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Cse-200 and 3 more | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. | |||||
| CVE-2015-8770 | 1 Roundcube | 1 Roundcube Webmail | 2018-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php. | |||||
| CVE-2015-8357 | 1 Bitrix | 1 Xscan | 2018-10-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php. | |||||
| CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2018-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | |||||
| CVE-2015-7372 | 1 Revive-adserver | 1 Revive Adserver | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter. | |||||
| CVE-2015-8358 | 1 Bitrix | 1 Mpbuilder | 2018-10-09 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php. | |||||
| CVE-2015-7683 | 1 Font Project | 1 Font | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php. | |||||
