Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1199 | 1 Ppmd Project | 1 Ppmd | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in ppmd 10.1-5. | |||||
| CVE-2014-8676 | 1 Soplanning | 1 Soplanning | 2017-09-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | |||||
| CVE-2016-6896 | 1 Wordpress | 1 Wordpress | 2017-09-03 | 5.5 MEDIUM | 7.1 HIGH |
| Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. | |||||
| CVE-2016-5639 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | |||||
| CVE-2017-7693 | 1 Riverbed | 1 Opnet App Response Xpert | 2017-09-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | |||||
| CVE-2016-5307 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors. | |||||
| CVE-2016-2205 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2017-09-01 | 6.1 MEDIUM | 5.7 MEDIUM |
| Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors. | |||||
| CVE-2015-1386 | 1 Unshield Project | 1 Unshield | 2017-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in unshield 1.0-1. | |||||
| CVE-2017-10834 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2017-08-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-10841 | 1 Webcalendar Project | 1 Webcalendar | 2017-08-30 | 4.0 MEDIUM | 4.9 MEDIUM |
| Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2017-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | |||||
| CVE-2017-10665 | 1 Phpgrid | 1 Phpgrid | 2017-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. | |||||
| CVE-2015-4181 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | |||||
| CVE-2015-4180 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. | |||||
| CVE-2015-1395 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Patch | 2017-08-30 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | |||||
| CVE-2017-12791 | 1 Saltstack | 1 Salt | 2017-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | |||||
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2017-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | |||||
| CVE-2014-4910 | 1 X | 1 Xf86-video-intel | 2017-08-29 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name. | |||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
| CVE-2014-3317 | 1 Cisco | 1 Unified Communications Manager | 2017-08-29 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. | |||||