Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4920 | 2 Wordpress, Zingiri | 2 Wordpress, Forums | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php. | |||||
| CVE-2014-100029 | 1 Ganesha Digital Library Project | 1 Ganesha Digital Library | 2025-04-12 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. | |||||
| CVE-2016-0855 | 1 Advantech | 1 Webaccess | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | |||||
| CVE-2016-3976 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | |||||
| CVE-2015-4716 | 2 Microsoft, Owncloud | 3 Windows, Owncloud, Owncloud Server | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-6303 | 1 Ibm | 1 Algo One | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-2536 | 2 Intel, Mcafee | 3 Expressway Cloud Access 360, Cloud Identity Manager, Cloud Single Sign On | 2025-04-12 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. | |||||
| CVE-2014-2588 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter. | |||||
| CVE-2015-4694 | 1 Zip Attachments Project | 1 Zip Attachments | 2025-04-12 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | |||||
| CVE-2015-2996 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 8.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. | |||||
| CVE-2014-2976 | 1 Sixnet | 1 Sixview Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081. | |||||
| CVE-2016-5664 | 1 Accellion | 1 Kiteworks Appliance | 2025-04-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | |||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | |||||
| CVE-2015-1493 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | |||||
| CVE-2015-5313 | 1 Redhat | 1 Libvirt | 2025-04-12 | 1.9 LOW | 2.5 LOW |
| Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. | |||||
| CVE-2014-4306 | 1 Webtitan | 1 Webtitan | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. | |||||
| CVE-2014-0820 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-0632 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-2872 | 1 Ibm | 2 Qradar Security Information And Event Manager, Security Qradar Incident Forensics | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2014-3460 | 1 Microfocus | 2 Sentinel, Sentinel Agent Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. | |||||