Total
7974 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7169 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | ||||
| CVE-2014-6222 | 1 Ibm | 1 Marketing Operations | 2025-04-12 | N/A |
| Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. | ||||
| CVE-2015-2243 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | N/A |
| Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | ||||
| CVE-2016-1593 | 1 Novell | 1 Service Desk | 2025-04-12 | N/A |
| Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. | ||||
| CVE-2015-1577 | 1 Yuba | 1 U5cms | 2025-04-12 | N/A |
| Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | ||||
| CVE-2015-1550 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors. | ||||
| CVE-2015-2950 | 1 Open Explorer Beta Project | 1 Open Explorer Beta | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | ||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2025-04-12 | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | ||||
| CVE-2015-1193 | 1 Pax Project | 1 Pax | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | ||||
| CVE-2014-3227 | 1 Debian | 1 Dpkg | 2025-04-12 | N/A |
| dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program. | ||||
| CVE-2014-6394 | 3 Apple, Fedoraproject, Joyent | 3 Xcode, Fedora, Node.js | 2025-04-12 | N/A |
| visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | ||||
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | ||||
| CVE-2013-1641 | 1 Quixplorer | 1 Quixplorer | 2025-04-12 | N/A |
| Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a download_selected action to index.php. | ||||
| CVE-2015-1000005 | 1 Candidate-application-form Project | 1 Candidate-application-form | 2025-04-12 | N/A |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | ||||
| CVE-2015-0911 | 1 Dounokouno | 1 Transmitmail | 2025-04-12 | N/A |
| Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | ||||
| CVE-2015-0906 | 1 Lhaplus | 1 Lhaplus | 2025-04-12 | N/A |
| Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | ||||
| CVE-2015-2966 | 1 Droidwareuk | 1 Explorer\+ File Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | ||||
| CVE-2015-0878 | 1 Almail | 1 Al-mail32 | 2025-04-12 | N/A |
| Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | ||||
| CVE-2015-0867 | 1 Synck Graphica | 1 Download Log Cgi | 2025-04-12 | N/A |
| Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | ||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | ||||