Search Results (9721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5242 1 Bananadance 1 Banana Dance 2025-04-12 N/A
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
CVE-2013-2039 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors.
CVE-2013-2641 1 Sophos 2 Web Appliance, Web Appliance Firmware 2025-04-12 N/A
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
CVE-2013-3514 1 Openx 1 Openx 2025-04-12 N/A
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-7376. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to read arbitrary files.
CVE-2013-3706 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
CVE-2013-3739 1 Network-weathermap 1 .network Weathermap 2025-04-12 N/A
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
CVE-2013-4413 2 Ruby-lang, Schneems 2 Ruby, Wicked 2025-04-12 N/A
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
CVE-2013-6221 1 Hp 1 Service Virtualization 2025-04-12 N/A
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
CVE-2013-6303 1 Ibm 1 Algo One 2025-04-12 N/A
Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2013-6304 1 Ibm 2 Algo One, Algo Risk Application 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
CVE-2013-7361 1 Sap 2 Cm Services, Cms Services 2025-04-12 N/A
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
CVE-2013-7448 2 Debian, Didiwiki Project 2 Debian Linux, Didiwiki 2025-04-12 N/A
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
CVE-2014-0598 1 Novell 1 Open Enterprise Server 2025-04-12 N/A
Directory traversal vulnerability in iPrint in Novell Open Enterprise Server (OES) 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors.
CVE-2014-0604 1 Attachmate 1 Reflection Ftp Client 2025-04-12 N/A
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.
CVE-2014-0605 1 Attachmate 1 Reflection Ftp Client 2025-04-12 N/A
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.
CVE-2014-0632 1 Emc 1 Vplex Geosynchrony 2025-04-12 N/A
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2014-1442 1 Coreftp 1 Core Ftp 2025-04-12 N/A
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.
CVE-2014-2059 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
CVE-2014-2145 1 Cisco 1 Unity Connection 2025-04-12 N/A
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
CVE-2014-2210 1 Ca 1 Erwin Web Portal 2025-04-12 N/A
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.