Export limit exceeded: 359507 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9416 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3460 | 1 Microfocus | 2 Sentinel, Sentinel Agent Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. | ||||
| CVE-2014-9238 | 1 D-link | 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware | 2025-04-12 | N/A |
| D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. | ||||
| CVE-2013-2085 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2025-04-12 | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | ||||
| CVE-2013-3304 | 1 Dell | 1 Equallogic Ps4000 Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. | ||||
| CVE-2013-3295 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | ||||
| CVE-2013-2039 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vectors. | ||||
| CVE-2014-2583 | 1 Linux-pam | 1 Linux-pam | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function. | ||||
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2025-04-12 | N/A |
| Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | ||||
| CVE-2014-9261 | 1 Codologic | 1 Codoforum | 2025-04-12 | N/A |
| The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | ||||
| CVE-2014-3319 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. | ||||
| CVE-2014-2610 | 1 Hp | 1 Executive Scorecard | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117. | ||||
| CVE-2011-5273 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/. | ||||
| CVE-2014-1969 | 1 Apps4u\@android | 1 Sd Card Manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename. | ||||
| CVE-2014-1222 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | N/A |
| Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. | ||||
| CVE-2012-5242 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | N/A |
| Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action. | ||||
| CVE-2015-5531 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-12 | N/A |
| Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. | ||||
| CVE-2016-8827 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-04-12 | 6.5 Medium |
| NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a vulnerability in NVIDIA Web Helper.exe where a local web API endpoint, /VisualOPS/v.1.0./, lacks proper access control and parameter validation, allowing for information disclosure via a directory traversal attack. | ||||
| CVE-2008-3277 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2025-04-12 | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse program in refix/lib/, related to an incorrect RPATH setting in the ELF header. | ||||
| CVE-2014-3777 | 1 Reportico | 1 Php Report Designer | 2025-04-12 | N/A |
| Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter. | ||||