Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5393 | 1 Sos | 1 Jobscheduler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | |||||
| CVE-2014-3806 | 1 Vmturbo | 1 Operations Manager | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | |||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2018-10-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter. | |||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | |||||
| CVE-2011-2744 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. | |||||
| CVE-2011-4712 | 1 Monoxide0184 | 1 Oxide Webserver | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | |||||
| CVE-2011-3357 | 1 Mantisbt | 1 Mantisbt | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | |||||
| CVE-2011-2780 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. | |||||
| CVE-2011-1736 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | |||||
| CVE-2011-1099 | 1 Focalmedia.net | 1 Quick Polls | 2018-10-09 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. | |||||
| CVE-2011-0751 | 1 Nazgul | 1 Nostromo | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | |||||
| CVE-2018-7092 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 6.4 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. | |||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2018-10-05 | 4.0 MEDIUM | 8.8 HIGH |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | |||||
| CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. | |||||
| CVE-2018-14912 | 2 Cgit Project, Debian | 2 Cgit, Debian Linux | 2018-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | |||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2018-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | |||||
| CVE-2018-12939 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940. | |||||
| CVE-2018-16774 | 1 Hongcms Project | 1 Hongcms | 2018-09-24 | 6.4 MEDIUM | 7.5 HIGH |
| HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. | |||||