Filtered by CWE-22
Total 9361 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-2507 2 Joomla, Masselink 2 Joomla\!, Com Picasa2gallery 2025-04-11 N/A
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-3305 1 Cisco 2 Nac Appliance, Nac Manager 2025-04-11 N/A
Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
CVE-2011-4832 1 Caupo 2 Cauposhop Classic, Cauposhop Pro 2025-04-11 N/A
Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Classic 3.01, and CaupoShop Pro 3.70 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter in a template action.
CVE-2012-3360 1 Openstack 2 Essex, Folsom 2025-04-11 N/A
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
CVE-2010-1531 2 Joomla, Redcomponent 2 Joomla\!, Com Redshop 2025-04-11 N/A
Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
CVE-2011-4810 1 Whmcs 1 Whmcompletesolution 2025-04-11 N/A
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
CVE-2011-4800 1 Solarwinds 1 Serv-u File Server 2025-04-11 N/A
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.
CVE-2011-4788 1 Hp 3 Storageworks P2000 G3 Msa Fc\/iscsi Dual Combo Controller Lff Array System, Storageworks P2000 G3 Msa Fibre Channel Dual Controller Lff Array System, Storageworks P2000 G3 Msa Fibre Channel Dual Controller Sff Array System 2025-04-11 N/A
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.
CVE-2010-1491 2 Joomla, Mms.pipp 2 Joomla\!, Com Mmsblog 2025-04-11 N/A
Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2014-0666 1 Cisco 1 Jabber 2025-04-11 N/A
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
CVE-2011-4714 1 Vvertex 1 Muster 2025-04-11 N/A
Directory traversal vulnerability in Virtual Vertex Muster before 6.20 allows remote attackers to read arbitrary files via a \.. (backslash dot dot) in the URL.
CVE-2011-4712 1 Monoxide0184 1 Oxide Webserver 2025-04-11 N/A
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
CVE-2011-4711 1 Namazu 1 Namazu 2025-04-11 N/A
Multiple directory traversal vulnerabilities in namazu.cgi in Namazu before 2.0.16 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) result parameter.
CVE-2010-3692 1 Apereo 1 Phpcas 2025-04-11 N/A
Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter.
CVE-2011-4675 1 Widelands 1 Widelands 2025-04-11 N/A
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.
CVE-2010-0944 2 Joomla, Thorsten Riess 2 Joomla\!, Com Jcollection 2025-04-11 N/A
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2012-1196 1 Landesk 1 Lenovo Thinkmanagement Console 2025-04-11 N/A
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
CVE-2010-1115 1 Comscripts 1 Web Server Creator Web Portal 2025-04-11 N/A
Directory traversal vulnerability in news/include/customize.php in Web Server Creator - Web Portal 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
CVE-2012-4616 1 Emc 1 Data Protection Advisor 2025-04-11 N/A
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2012-3380 1 Wargio 1 Naxsi 2025-04-11 N/A
Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.