Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4532 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. | |||||
| CVE-2010-2861 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. | |||||
| CVE-2012-0998 | 1 Lepton-cms | 1 Lepton | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2012-0403 | 1 Rsa | 1 Envision | 2025-04-11 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||||
| CVE-2013-4702 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, (2) Service, (3) Style, (4) Validate, or (5) Version value. | |||||
| CVE-2011-4518 | 1 Microsys | 1 Promotic | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-4315 | 1 Djangoproject | 1 Django | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. | |||||
| CVE-2010-5086 | 1 Bitweaver | 1 Bitweaver | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. | |||||
| CVE-2010-1951 | 1 60cyclecms Project | 1 60cyclecms | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in 60cycleCMS allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the DOCUMENT_ROOT parameter to (1) news.php, (2) submitComment.php, and (3) sqlConnect.php. | |||||
| CVE-2012-5386 | 1 Nicolas Tormo | 1 Phppaleo | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-5380 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 6.0 MEDIUM | 6.7 MEDIUM |
| Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation | |||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||||
| CVE-2012-0896 | 3 Count Per Day Project, Tom Braider, Wordpress | 3 Count Per Day, Count Per Day, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | |||||
| CVE-2011-0751 | 1 Nazgul | 1 Nostromo | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | |||||
| CVE-2011-4135 | 1 Flexerasoftware | 1 Flexnet Publisher | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389. | |||||
| CVE-2011-0505 | 1 Remi Jean | 1 Zwii | 2025-04-11 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter. | |||||
| CVE-2010-2456 | 1 Codelib | 1 Linker Img | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or possibly (2) Sdb_type parameter. NOTE: this was originally reported as remote file inclusion, but this may be inaccurate. | |||||
| CVE-2011-1586 | 1 Kde | 1 Kde Sc | 2025-04-11 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. | |||||
| CVE-2010-2322 | 1 Matthias Klose | 1 Fastjar | 2025-04-11 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
| CVE-2012-1671 | 1 Nicolas Tormo | 1 Phppaleo | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||