Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-22
Total 5025 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9155 1 Avatar Uploader Project 1 Avatar Uploader 2014-12-05 4.0 MEDIUM N/A
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
CVE-2014-9234 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2014-12-05 5.0 MEDIUM N/A
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-6034 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2014-12-05 5.0 MEDIUM N/A
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
CVE-2014-6035 1 Zohocorp 1 Manageengine Opmanager 2014-12-05 7.5 HIGH N/A
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
CVE-2014-3697 1 Pidgin 1 Pidgin 2014-11-19 6.4 MEDIUM N/A
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
CVE-2012-6665 1 Phpmoneybooks 1 Phpmoneybooks 2014-11-18 4.3 MEDIUM N/A
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2012-1669 1 Phpmoneybooks 1 Phpmoneybooks 2014-11-18 4.3 MEDIUM N/A
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2014-4577 1 Websupporter 1 Wp Amasin - The Amazon Affiliate Shop 2014-11-06 5.0 MEDIUM N/A
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
CVE-2013-3304 1 Dell 1 Equallogic Ps4000 Firmware 2014-10-31 5.0 MEDIUM N/A
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
CVE-2012-5242 1 Bananadance 1 Banana Dance 2014-10-24 6.8 MEDIUM N/A
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
CVE-2014-5465 1 Werdswords 1 Download Shortcode 2014-09-03 5.0 MEDIUM N/A
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-5115 1 Dirphp Project 1 Dirphp 2014-08-26 5.0 MEDIUM N/A
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
CVE-2014-4929 1 Owncloud 1 Owncloud 2014-08-21 6.8 MEDIUM N/A
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.
CVE-2014-5350 1 Bitdefender 1 Gravityzone 2014-08-20 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2014-5197 1 Splunk 1 Splunk 2014-08-13 4.0 MEDIUM N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2014-3914 1 Rocketsoftware 1 Rocket Servergraph 2014-08-07 10.0 HIGH N/A
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
CVE-2014-3855 1 Pyplate 1 Pyplate 2014-08-07 5.0 MEDIUM N/A
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2013-6771 1 Splunk 1 Splunk 2014-08-07 9.3 HIGH N/A
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script.
CVE-2014-5187 1 Tom M8te Plugin Project 1 Tom-m8te Plugin 2014-08-07 5.0 MEDIUM N/A
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
CVE-2014-5181 1 Last.fm Rotation Plugin Project 1 Lastfm-rotation Plugin 2014-08-07 5.0 MEDIUM N/A
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.