Search Results (9627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2626 1 Hp 1 Network Virtualization 2025-04-12 N/A
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
CVE-2014-3340 1 Cisco 1 Webex Meetmenow 2025-04-12 N/A
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166.
CVE-2014-2732 1 Siemens 1 Sinema Server 2025-04-12 N/A
Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.
CVE-2013-5984 1 Microweber 1 Microweber 2025-04-12 N/A
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
CVE-2013-6304 1 Ibm 2 Algo One, Algo Risk Application 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
CVE-2015-2862 1 Kaseya 1 Virtual System Administrator 2025-04-12 N/A
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
CVE-2015-3648 1 Montala 1 Resourcespace 2025-04-12 N/A
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
CVE-2014-2864 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.
CVE-2015-5531 1 Elasticsearch 1 Elasticsearch 2025-04-12 N/A
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
CVE-2014-0358 1 Xangati 2 Xangati Software Release, Xangati Xnr 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.
CVE-2014-5111 1 Netfortris 1 Trixbox 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CVE-2013-7448 2 Debian, Didiwiki Project 2 Debian Linux, Didiwiki 2025-04-12 N/A
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
CVE-2014-6394 3 Apple, Fedoraproject, Joyent 3 Xcode, Fedora, Node.js 2025-04-12 N/A
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
CVE-2015-1589 1 Archmage Project 1 Archmage 2025-04-12 N/A
Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file.
CVE-2016-6138 1 Sap 1 Trex 2025-04-12 N/A
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.
CVE-2013-6221 1 Hp 1 Service Virtualization 2025-04-12 N/A
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
CVE-2015-2971 1 Seeds 1 Acmailer 2025-04-12 N/A
Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.
CVE-2014-5115 1 Dirphp Project 1 Dirphp 2025-04-12 N/A
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
CVE-2015-3940 1 Schneider-electric 1 Wonderware System Platform 2014 2025-04-12 N/A
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2014-1442 1 Coreftp 1 Core Ftp 2025-04-12 N/A
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.