Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5393 | 1 Sos | 1 Jobscheduler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | |||||
| CVE-2014-5258 | 1 Webedition | 1 Webedition Cms | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2014-5301 | 1 Manageengine | 4 Assetexplorer, It360, Servicedesk Plus and 1 more | 2018-10-09 | 9.0 HIGH | 8.8 HIGH |
| Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | |||||
| CVE-2014-5302 | 1 Manageengine | 4 Assetexplorer, It360, Servicedesk Plus and 1 more | 2018-10-09 | 9.0 HIGH | 8.8 HIGH |
| Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. | |||||
| CVE-2014-3806 | 1 Vmturbo | 1 Operations Manager | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter. | |||||
| CVE-2014-2575 | 1 Devexpress | 1 Aspxfilemanager Control For Webforms And Mvc | 2018-10-09 | 6.5 MEDIUM | N/A |
| Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter. | |||||
| CVE-2014-2858 | 1 Gopivotal | 2 Grails, Grails-resources | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types. | |||||
| CVE-2014-3225 | 1 Cobblerd | 1 Cobbler | 2018-10-09 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile. | |||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2018-10-09 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | |||||
| CVE-2011-2744 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. | |||||
| CVE-2011-2780 | 1 Chyrp | 1 Chyrp | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. | |||||
| CVE-2011-3357 | 1 Mantisbt | 1 Mantisbt | 2018-10-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php. | |||||
| CVE-2011-4712 | 1 Monoxide0184 | 1 Oxide Webserver | 2018-10-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request. | |||||
| CVE-2011-2508 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-09 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. | |||||
| CVE-2011-1736 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. | |||||
| CVE-2011-1099 | 1 Focalmedia.net | 1 Quick Polls | 2018-10-09 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php. | |||||
| CVE-2011-0751 | 1 Nazgul | 1 Nostromo | 2018-10-09 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. | |||||
| CVE-2018-7092 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 6.4 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. | |||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2018-10-05 | 4.0 MEDIUM | 8.8 HIGH |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | |||||
| CVE-2008-0782 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. | |||||