Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0049 | 1 Mj2 | 1 Majordomo 2 | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. | |||||
| CVE-2011-0063 | 1 Mj2 | 1 Majordomo 2 | 2018-10-10 | 5.0 MEDIUM | N/A |
| The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049. | |||||
| CVE-2011-0345 | 1 Alcatel-lucent | 1 Omnivista | 2018-10-10 | 3.3 LOW | N/A |
| Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable. | |||||
| CVE-2010-4330 | 1 Pulsecms | 1 Pulse Cms | 2018-10-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php. | |||||
| CVE-2010-4790 | 1 In-mediakg | 1 Filterftp | 2018-10-10 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4867 | 1 W-agora | 1 W-agora | 2018-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. | |||||
| CVE-2010-5280 | 2 Joomla, Joomla-cbe | 2 Joomla\!, Com Cbe | 2018-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature. | |||||
| CVE-2010-4095 | 1 Robo-ftp | 1 Robo-ftp | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response. | |||||
| CVE-2010-4149 | 1 Freshwebmaster | 1 Fresh Ftp | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4229 | 1 Novell | 1 Zenworks Configuration Management | 2018-10-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. | |||||
| CVE-2010-4231 | 2 Camtron, Tecvoz | 4 Cmnc-200, Cmnc-200 Firmware, Cmnc-200 and 1 more | 2018-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2010-4282 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. | |||||
| CVE-2010-3743 | 1 Rene Tegel | 1 Visual Synapse | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2010-3863 | 2 Apache, Jsecurity | 2 Shiro, Jsecurity | 2018-10-10 | 5.0 MEDIUM | N/A |
| Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | |||||
| CVE-2010-3096 | 1 Softx | 1 Ftp Client | 2018-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename. | |||||
| CVE-2010-3261 | 1 Rsa | 1 Authentication Agent For Web | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors. | |||||
| CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2018-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
| CVE-2010-2425 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read or delete arbitrary files via "..//" sequences in a COMB command. | |||||
| CVE-2010-2426 | 1 Southrivertech | 1 Titan Ftp Server | 2018-10-10 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in TitanFTPd in South River Technologies Titan FTP Server 8.10.1125, and probably earlier versions, allows remote authenticated users to read arbitrary files, determine file size, via "..//" sequences in the xcrc command. | |||||
| CVE-2010-2695 | 1 Xlightftpd | 1 Xlight Ftp Server | 2018-10-10 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP/SSH2 virtual server in Xlight FTP Server 3.5.0, 3.5.5, and possibly other versions before 3.6 allows remote authenticated users to read, overwrite, or delete arbitrary files via .. (dot dot) sequences in the (1) ls, (2) rm, (3) rename, and other unspecified commands. | |||||