Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6037 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | N/A |
| Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072. | ||||
| CVE-2014-8727 | 1 F5 | 1 Big-ip Local Traffic Manager | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. | ||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | ||||
| CVE-2010-5323 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | ||||
| CVE-2015-1577 | 1 Yuba | 1 U5cms | 2025-04-12 | N/A |
| Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | ||||
| CVE-2015-2007 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. | ||||
| CVE-2014-5370 | 1 New Atlanta | 1 Bluedragon | 2025-04-12 | N/A |
| Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart. | ||||
| CVE-2015-2990 | 1 Neojapan | 1 Desknet Neo | 2025-04-12 | N/A |
| Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | ||||
| CVE-2015-5065 | 1 Intelligent-it | 1 Paypal Currency Converter Basic For Woocommerce | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter. | ||||
| CVE-2015-5472 | 1 Ibs Mappro Project | 1 Ibs Mappro | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | ||||
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2025-04-12 | N/A |
| Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | ||||
| CVE-2015-7815 | 1 Matomo | 1 Matomo | 2025-04-12 | N/A |
| Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | ||||
| CVE-2016-1525 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2025-04-12 | N/A |
| Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter. | ||||
| CVE-2016-2933 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | ||||
| CVE-2016-3972 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter. | ||||
| CVE-2016-5332 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-12 | N/A |
| Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-6023 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2016-8343 | 1 Indasengineering | 1 Web Scada | 2025-04-12 | N/A |
| Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2016-8827 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-04-12 | 6.5 Medium |
| NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | ||||
| CVE-2016-9208 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | N/A |
| A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). | ||||