Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7448 | 2 Debian, Didiwiki Project | 2 Debian Linux, Didiwiki | 2016-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. | |||||
| CVE-2015-8794 | 1 Roundcube | 1 Roundcube Webmail | 2016-02-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling. | |||||
| CVE-2015-4988 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-01-21 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-2007 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-01-07 | 4.0 MEDIUM | 5.0 MEDIUM |
| Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2015-2875 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 7.8 HIGH | 7.5 HIGH |
| Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | |||||
| CVE-2015-7907 | 1 Honeywell | 2 Midas Black Firmware, Midas Firmware | 2015-12-22 | 6.4 MEDIUM | 8.6 HIGH |
| Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. | |||||
| CVE-2015-8564 | 1 Joomla | 1 Joomla\! | 2015-12-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | |||||
| CVE-2015-8565 | 1 Joomla | 1 Joomla\! | 2015-12-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2014-3323 | 1 Cisco | 1 Unified Contact Center Enterprise | 2015-12-03 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262. | |||||
| CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2015-11-25 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | |||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2015-10-27 | 6.6 MEDIUM | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | |||||
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2015-10-26 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2014-0471 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2015-10-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." | |||||
| CVE-2015-7602 | 1 Bisonware | 1 Bisonftp | 2015-10-13 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command. | |||||
| CVE-2014-0632 | 1 Emc | 1 Vplex Geosynchrony | 2015-10-13 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-6975 | 1 Cisco | 1 Nx-os | 2015-10-13 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||||
| CVE-2014-2732 | 1 Siemens | 1 Sinema Server | 2015-10-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. | |||||
| CVE-2012-6069 | 1 3s-software | 1 Codesys Runtime System | 2015-10-08 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x allows remote attackers to read, overwrite, or create arbitrary files via a .. (dot dot) in a request to the TCP listener service. | |||||
| CVE-2015-5650 | 1 Ajaxplorer | 1 Ajaxplorer | 2015-10-06 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-8555 | 1 Progress | 1 Openedge | 2015-10-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||||