Search Results (9619 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2243 1 Webshophun 1 Webshop Hun 2025-04-12 N/A
Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php.
CVE-2016-8827 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2025-04-12 6.5 Medium
NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack.
CVE-2013-6768 2 Google, Koushik Dutta 2 Android, Superuser 2025-04-12 N/A
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
CVE-2014-2210 1 Ca 1 Erwin Web Portal 2025-04-12 N/A
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
CVE-2015-8565 1 Joomla 1 Joomla\! 2025-04-12 N/A
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2014-9282 1 Speed Software 2 Explorer, Root Explorer 2025-04-12 N/A
Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.
CVE-2016-9208 1 Cisco 1 Emergency Responder 2025-04-12 N/A
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
CVE-2015-2067 1 Magmi Project 1 Magmi 2025-04-12 N/A
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-6308 1 Osclass 1 Osclass 2025-04-12 N/A
Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
CVE-2016-2571 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2015-1000005 1 Candidate-application-form Project 1 Candidate-application-form 2025-04-12 N/A
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin
CVE-2016-5664 1 Accellion 1 Kiteworks Appliance 2025-04-12 N/A
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
CVE-2014-8019 1 Cisco 1 Enterprise Content Delivery System 2025-04-12 N/A
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
CVE-2015-8794 1 Roundcube 1 Roundcube Webmail 2025-04-12 N/A
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
CVE-2015-8920 4 Canonical, Libarchive, Novell and 1 more 6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CVE-2015-2996 1 Sysaid 1 Sysaid 2025-04-12 N/A
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
CVE-2014-0475 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-12 N/A
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
CVE-2015-0480 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.
CVE-2015-5688 1 Geddyjs 1 Geddy 2025-04-12 N/A
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
CVE-2015-0516 1 Emc 2 Vipr Srm, Watch4net 2025-04-12 N/A
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.