Search Results (9603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7361 1 Sap 2 Cm Services, Cms Services 2025-04-12 N/A
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2016-1434 1 Cisco 2 Ip Phone 8800, Ip Phone 8800 Series Firmware 2025-04-12 N/A
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
CVE-2016-5639 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2025-04-12 N/A
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
CVE-2014-5111 1 Netfortris 1 Trixbox 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
CVE-2011-4367 1 Apache 1 Myfaces 2025-04-12 7.5 High
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.
CVE-2016-8343 1 Indasengineering 1 Web Scada 2025-04-12 N/A
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-0471 2 Canonical, Debian 2 Ubuntu Linux, Dpkg 2025-04-12 N/A
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
CVE-2016-5307 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors.
CVE-2015-6459 1 Ge 1 Mds Pulsenet 2025-04-12 N/A
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
CVE-2014-3618 3 Canonical, Procmail, Redhat 3 Ubuntu Linux, Procmail, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
CVE-2013-6771 1 Splunk 1 Splunk 2025-04-12 N/A
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
CVE-2014-9452 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/.
CVE-2014-3641 2 Openstack, Redhat 2 Cinder, Openstack 2025-04-12 N/A
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
CVE-2014-5370 1 New Atlanta 1 Bluedragon 2025-04-12 N/A
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
CVE-2014-9155 1 Avatar Uploader Project 1 Avatar Uploader 2025-04-12 N/A
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
CVE-2014-9581 1 Codiad 1 Codiad 2025-04-12 N/A
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2016-3972 1 Dotcms 1 Dotcms 2025-04-12 N/A
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2016-2166 3 Apache, Fedoraproject, Redhat 4 Qpid Proton, Fedora, Satellite and 1 more 2025-04-12 N/A
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-1671 1 Google 2 Android, Chrome 2025-04-12 N/A
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.
CVE-2015-4031 1 Visualmining 1 Netcharts Server 2025-04-12 N/A
Directory traversal vulnerability in saveFile.jsp in the development installation in Visual Mining NetChart allows remote attackers to write to arbitrary files via unspecified vectors.