Search Results (9633 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0582 1 Forgerock 1 Access Management 2025-04-14 8.1 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
CVE-2023-0511 1 Forgerock 1 Java Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
CVE-2023-0339 1 Forgerock 1 Web Policy Agents 2025-04-14 9.1 Critical
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
CVE-2021-39369 1 Philips 4 Myvue, Speech, Vue Motion and 1 more 2025-04-14 6.5 Medium
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVE-2022-4511 1 Docsys Project 1 Docsys 2025-04-14 5.3 Medium
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215851.
CVE-2024-34315 1 Cmseasy 1 Cmseasy 2025-04-14 7.5 High
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files.
CVE-2024-32163 1 Cmseasy 1 Cmseasy 2025-04-14 6.4 Medium
CMSeasy 7.7.7.9 is vulnerable to code execution.
CVE-2023-40279 2 Openclinic, Openclinic Ga Project 2 Ga, Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to main.do.
CVE-2023-40280 1 Openclinic Ga Project 1 Openclinic Ga 2025-04-14 7.5 High
An issue was discovered in OpenClinic GA 5.247.01. An attacker can perform a directory path traversal via the Page parameter in a GET request to popup.jsp.
CVE-2015-0171 1 Ibm 1 Security Siteprotector System 2025-04-12 N/A
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
CVE-2014-9181 1 Plex 1 Media Server 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
CVE-2014-7866 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2025-04-12 N/A
Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.
CVE-2013-1641 1 Quixplorer 1 Quixplorer 2025-04-12 N/A
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php.
CVE-2015-5305 1 Redhat 1 Openshift 2025-04-12 N/A
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
CVE-2013-3295 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2015-7603 1 Konicaminolta 1 Ftp Utility 2025-04-12 N/A
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
CVE-2014-8606 1 Xcloner 1 Xcloner 2025-04-12 N/A
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
CVE-2014-8799 1 Dukapress 1 Dukapress 2025-04-12 N/A
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
CVE-2014-5446 1 Zohocorp 2 Manageengine It360, Manageengine Netflow Analyzer 2025-04-12 N/A
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2014-9373 1 Manageengine 1 Netflow Analyzer 2025-04-12 N/A
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.