Search Results (9721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5160 1 Hp 1 Data Protector 2025-04-12 N/A
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
CVE-2014-5181 1 Last.fm Rotation Plugin Project 1 Lastfm-rotation Plugin 2025-04-12 N/A
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.
CVE-2014-5187 1 Tom M8te Plugin Project 1 Tom-m8te Plugin 2025-04-12 N/A
Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.
CVE-2014-5197 1 Splunk 1 Splunk 2025-04-12 N/A
Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.
CVE-2014-6035 1 Zohocorp 1 Manageengine Opmanager 2025-04-12 N/A
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
CVE-2014-6036 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2025-04-12 N/A
Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.
CVE-2014-6037 1 Zohocorp 1 Manageengine Eventlog Analyzer 2025-04-12 N/A
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
CVE-2014-7985 1 Espocrm 1 Espocrm 2025-04-12 N/A
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
CVE-2014-8478 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2025-04-12 N/A
The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.
CVE-2014-8555 1 Progress 1 Openedge 2025-04-12 N/A
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
CVE-2014-8659 1 Sap 1 Environment Health And Safety 2025-04-12 N/A
Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2014-9436 1 Sysaid 1 Sysaid 2025-04-12 N/A
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
CVE-2014-9447 2 Elfutils Project, Redhat 2 Elfutils, Enterprise Linux 2025-04-12 N/A
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
CVE-2014-9452 1 Vdgsecurity 1 Vdg Sense 2025-04-12 N/A
Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/.
CVE-2014-9461 1 Reality66 1 Cart66 Lite 2025-04-12 N/A
Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download action to wp-admin/admin-ajax.php.
CVE-2014-9493 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2025-04-12 N/A
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
CVE-2014-9512 3 Opensuse, Oracle, Samba 3 Opensuse, Solaris, Rsync 2025-04-12 N/A
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-9574 1 Fluxbb 1 Fluxbb 2025-04-12 N/A
Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter.
CVE-2014-9581 1 Codiad 1 Codiad 2025-04-12 N/A
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
CVE-2015-1000005 1 Candidate-application-form Project 1 Candidate-application-form 2025-04-12 N/A
Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin