Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7601 | 1 Pcman\'s Ftp Server Project | 1 Pcman\'s Ftp Server | 2017-11-06 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command. | |||||
| CVE-2017-14614 | 1 Gridgain | 1 Gridgain | 2017-11-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | |||||
| CVE-2016-7169 | 1 Wordpress | 1 Wordpress | 2017-11-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | |||||
| CVE-2017-9031 | 1 Deluge-torrent | 1 Deluge | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | |||||
| CVE-2015-6500 | 1 Owncloud | 1 Owncloud | 2017-11-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php. | |||||
| CVE-2015-6833 | 1 Php | 1 Php | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | |||||
| CVE-2017-15276 | 1 Opentext | 1 Documentum Content Server | 2017-11-02 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2015-2856 | 1 Accellion | 1 File Transfer Appliance | 2017-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. | |||||
| CVE-2008-4455 | 1 Mysql Quick Admin | 1 Mysql Quick Admin | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie. | |||||
| CVE-2008-4894 | 1 Tribiq | 1 Tribiq Cms | 2017-10-18 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the template_path parameter. NOTE: it was later reported that this issue also affects 5.0.12c. | |||||
| CVE-2008-5968 | 1 Phpicalendar | 1 Phpicalendar | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292. | |||||
| CVE-2008-6012 | 1 Hardkap | 1 Pritlog | 2017-10-18 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action. | |||||
| CVE-2008-6201 | 1 Kwsphp | 1 Kwsphp | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0865 | 1 Geovision | 1 Livex Activex Control | 2017-10-18 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods. | |||||
| CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
| CVE-2008-6224 | 1 Samelinux | 1 Way Of The Warrior | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter. | |||||
| CVE-2007-5174 | 1 Actsite | 1 Actsite | 2017-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. | |||||
| CVE-2007-5321 | 1 Verlihub-project | 1 Verlihub Control Panel | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-1730 | 1 Arwscripts | 1 Gallery Script Lite | 2017-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in the path parameter. | |||||
| CVE-2008-2887 | 1 Chaozzatwork | 1 Fubarforum | 2017-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||