Search Results (9721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2965 1 Oscommerce 1 Oscommerce 2025-04-12 N/A
Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.
CVE-2014-9155 1 Avatar Uploader Project 1 Avatar Uploader 2025-04-12 N/A
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
CVE-2014-8799 1 Dukapress 1 Dukapress 2025-04-12 N/A
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
CVE-2014-5111 1 Netfortris 1 Trixbox 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CVE-2014-5197 1 Splunk 1 Splunk 2025-04-12 N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2016-2289 1 Iconics 1 Webhmi 2025-04-12 N/A
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
CVE-2014-4937 1 Bookx Plugin Project 1 Bookx 2025-04-12 N/A
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-8659 1 Sap 1 Environment Health And Safety 2025-04-12 N/A
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-5160 1 Hp 1 Data Protector 2025-04-12 N/A
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
CVE-2015-8924 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVE-2012-1669 1 Phpmoneybooks 1 Phpmoneybooks 2025-04-12 N/A
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2015-5305 1 Redhat 1 Openshift 2025-04-12 N/A
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
CVE-2014-8737 4 Canonical, Fedoraproject, Gnu and 1 more 4 Ubuntu Linux, Fedora, Binutils and 1 more 2025-04-12 N/A
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
CVE-2014-5370 1 New Atlanta 1 Bluedragon 2025-04-12 N/A
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
CVE-2014-2933 1 Caldera 1 Caldera 2025-04-12 N/A
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
CVE-2015-5174 4 Apache, Canonical, Debian and 1 more 6 Tomcat, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 N/A
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CVE-2016-10037 1 Modx 1 Modx Revolution 2025-04-12 7.3 High
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
CVE-2014-4929 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
CVE-2014-4910 1 X 1 Xf86-video-intel 2025-04-12 N/A
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
CVE-2015-8922 5 Canonical, Libarchive, Novell and 2 more 7 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 4 more 2025-04-12 N/A
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.