Total
5025 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9155 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2014-12-05 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. | |||||
CVE-2014-9234 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2014-12-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2014-6034 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2014-12-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter. | |||||
CVE-2014-6035 | 1 Zohocorp | 1 Manageengine Opmanager | 2014-12-05 | 7.5 HIGH | N/A |
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter. | |||||
CVE-2014-3697 | 1 Pidgin | 1 Pidgin | 2014-11-19 | 6.4 MEDIUM | N/A |
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme. | |||||
CVE-2012-6665 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2014-11-18 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3. | |||||
CVE-2012-1669 | 1 Phpmoneybooks | 1 Phpmoneybooks | 2014-11-18 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
CVE-2014-4577 | 1 Websupporter | 1 Wp Amasin - The Amazon Affiliate Shop | 2014-11-06 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. | |||||
CVE-2013-3304 | 1 Dell | 1 Equallogic Ps4000 Firmware | 2014-10-31 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | |||||
CVE-2012-5242 | 1 Bananadance | 1 Banana Dance | 2014-10-24 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. | |||||
CVE-2014-5465 | 1 Werdswords | 1 Download Shortcode | 2014-09-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2014-5115 | 1 Dirphp Project | 1 Dirphp | 2014-08-26 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php. | |||||
CVE-2014-4929 | 1 Owncloud | 1 Owncloud | 2014-08-21 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. | |||||
CVE-2014-5350 | 1 Bitdefender | 1 Gravityzone | 2014-08-20 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server. | |||||
CVE-2014-5197 | 1 Splunk | 1 Splunk | 2014-08-13 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids. | |||||
CVE-2014-3914 | 1 Rocketsoftware | 1 Rocket Servergraph | 2014-08-07 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. | |||||
CVE-2014-3855 | 1 Pyplate | 1 Pyplate | 2014-08-07 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-2013-6771 | 1 Splunk | 1 Splunk | 2014-08-07 | 9.3 HIGH | N/A |
Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the file parameter. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2013-7394 is for the issue in the "runshellscript echo.sh" script. | |||||
CVE-2014-5187 | 1 Tom M8te Plugin Project | 1 Tom-m8te Plugin | 2014-08-07 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. | |||||
CVE-2014-5181 | 1 Last.fm Rotation Plugin Project | 1 Lastfm-rotation Plugin | 2014-08-07 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. |