Search Results (9710 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2139 2 Cloudforms Cloudengine, Rubygems 2 1, Mail Gem 2025-04-11 N/A
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
CVE-2010-1659 2 Joomla, Webkul 2 Joomla\!, Com Ultimateportfolio 2025-04-11 N/A
Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4901 2 Muscle, Redhat 3 Pcsc-lite, Certificate System, Enterprise Linux 2025-04-11 N/A
The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.
CVE-2010-1658 1 Code-garage 1 Com Noticeboard 2025-04-11 N/A
Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-3099 1 Smartftp 1 Smartftp 2025-04-11 N/A
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
CVE-2013-1082 1 Novell 1 Zenworks Mobile Management 2025-04-11 N/A
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
CVE-2011-0071 3 Microsoft, Mozilla, Redhat 5 Windows, Firefox, Seamonkey and 2 more 2025-04-11 N/A
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
CVE-2009-4896 1 Mlmmj 1 Mlmmj 2025-04-11 N/A
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.
CVE-2010-1653 2 Htmlcoderhelper, Joomla 2 Com Graphics, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-1024 1 Dream-multimedia-tv 1 Enigma2 Webinterface 2025-04-11 N/A
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2013-1224 1 Cisco 1 Unified Customer Voice Portal 2025-04-11 N/A
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
CVE-2012-5380 1 Ruby-lang 1 Ruby 2025-04-11 6.7 Medium
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
CVE-2010-1652 1 Helpcenterlive 1 Hcl 2025-04-11 N/A
Directory traversal vulnerability in the HelpCenter module in Help Center Live (HCL) 2.0.6 and 2.1.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the file parameter to module.php. NOTE: some of these details are obtained from third party information.
CVE-2010-1607 2 Joomla, Paysyspro 2 Joomla\!, Com Wmi 2025-04-11 N/A
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1589 1 Vpasp 1 Vp-asp Shopping Cart 2025-04-11 N/A
Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to determine the existence of arbitrary files via directory traversal sequences in the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVE-2010-0799 1 Perlunity 1 Phpunity.newsmanager 2025-04-11 N/A
Directory traversal vulnerability in misc/tell_a_friend/tell.php in phpunity.newsmanager allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2010-1492 1 Palosanto 1 Elastix 2025-04-11 N/A
Directory traversal vulnerability in help/frameRight.php in Elastix 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id_nodo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-5386 1 Nicolas Tormo 1 Phppaleo 2025-04-11 N/A
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2013-3661 1 Microsoft 8 Windows 7, Windows 8, Windows Rt and 5 more 2025-04-11 N/A
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2011-2780 1 Chyrp 1 Chyrp 2025-04-11 N/A
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.