Export limit exceeded: 366715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9705 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2560 1 Foscam 1 Fi8919w 2025-04-11 N/A
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials.
CVE-2010-1306 2 Joomla, Roberto Aloi 2 Joomla\!, Com Joomlapicasa2 2025-04-11 N/A
Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-3429 1 Cisco 1 Video Surveillance Manager 2025-04-11 N/A
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
CVE-2013-3457 1 Cisco 1 Finesse 2025-04-11 N/A
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
CVE-2013-3495 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-11 N/A
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).
CVE-2011-4168 1 Hp 1 Managed Printing Administration 2025-04-11 N/A
Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
CVE-2013-3504 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account.
CVE-2013-3598 1 Searchblox 1 Searchblox 2025-04-11 N/A
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
CVE-2011-4166 1 Hp 1 Managed Printing Administration 2025-04-11 N/A
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
CVE-2013-4093 1 Imperva 1 Securesphere 2025-04-11 N/A
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
CVE-2011-4135 1 Flexerasoftware 1 Flexnet Publisher 2025-04-11 N/A
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.
CVE-2011-4122 1 Freebsd 1 Freebsd 2025-04-11 N/A
Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass.
CVE-2013-4097 1 Ds3 1 Authentication Server 2025-04-11 N/A
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
CVE-2013-4164 2 Redhat, Ruby-lang 6 Cloudforms Managementengine, Enterprise Linux, Openstack and 3 more 2025-04-11 N/A
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
CVE-2010-1305 2 Joomla, Joomlamo 2 Joomla\!, Com Jinventory 2025-04-11 N/A
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-4036 1 Schneider-electric 3 Citecthistorian, Citectscada Reports, Vijeo Historian 2025-04-11 N/A
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2011-4001 1 Mawashimono 1 Nikki 2025-04-11 N/A
Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to read and modify arbitrary files via unspecified vectors.
CVE-2009-4000 1 Hp 1 Power Manager 2025-04-11 N/A
Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.
CVE-2011-3378 2 Redhat, Rpm 5 Enterprise Linux, Rhel Els, Rhel Eus and 2 more 2025-04-11 N/A
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
CVE-2013-4173 1 Xymon 1 Xymon 2025-04-11 N/A
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.