Search Results (9714 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3706 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
CVE-2014-2626 1 Hp 1 Network Virtualization 2025-04-12 N/A
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
CVE-2015-0171 1 Ibm 1 Security Siteprotector System 2025-04-12 N/A
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
CVE-2014-5160 1 Hp 1 Data Protector 2025-04-12 N/A
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
CVE-2013-3739 1 Network-weathermap 1 .network Weathermap 2025-04-12 N/A
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
CVE-2012-3521 1 Qbnz 1 Geshi 2025-04-12 N/A
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.
CVE-2015-6500 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php.
CVE-2014-5187 1 Tom M8te Plugin Project 1 Tom-m8te Plugin 2025-04-12 N/A
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
CVE-2014-5197 1 Splunk 1 Splunk 2025-04-12 N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2014-6394 3 Apple, Fedoraproject, Joyent 3 Xcode, Fedora, Node.js 2025-04-12 N/A
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
CVE-2015-5065 1 Intelligent-it 1 Paypal Currency Converter Basic For Woocommerce 2025-04-12 N/A
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
CVE-2014-6194 1 Ibm 12 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 9 more 2025-04-12 N/A
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
CVE-2015-1550 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.
CVE-2014-3625 3 Pivotal Software, Redhat, Vmware 7 Spring Framework, Jboss Amq, Jboss Bpms and 4 more 2025-04-12 N/A
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
CVE-2015-0984 1 Honeywell 8 Excel Web Xl 1000c1000 600 I\/o, Excel Web Xl 1000c1000 600 I\/o Uukl, Excel Web Xl 1000c100 104 I\/o and 5 more 2025-04-12 N/A
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
CVE-2013-3304 1 Dell 1 Equallogic Ps4000 Firmware 2025-04-12 N/A
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2014-7828 1 Freeipa 1 Freeipa 2025-04-12 N/A
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
CVE-2016-1525 1 Netgear 1 Prosafe Network Management Software 300 2025-04-12 N/A
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
CVE-2014-3323 1 Cisco 1 Unified Contact Center Enterprise 2025-04-12 N/A
Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
CVE-2014-5445 1 Zohocorp 2 Manageengine It360, Manageengine Netflow Analyzer 2025-04-12 N/A
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.