Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4641 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file. | |||||
| CVE-2007-4585 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2007-4583 | 1 Acti | 1 Network Video Recorder | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method. | |||||
| CVE-2007-4420 | 1 Edraw | 1 Office Viewer Component | 2017-09-29 | 9.3 HIGH | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | |||||
| CVE-2007-4058 | 1 Emc | 1 Vmware | 2017-09-29 | 4.3 MEDIUM | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. | |||||
| CVE-2007-4031 | 1 Nessus | 1 Vulnerability Scanner | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. | |||||
| CVE-2007-4008 | 1 Entertainment Cms | 1 Entertainment Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter. | |||||
| CVE-2007-3936 | 1 A-shop | 1 A-shop | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | |||||
| CVE-2017-10931 | 1 Zte | 2 Zxr10 1800-2s, Zxr10 1800-2s Firmware | 2017-09-27 | 5.0 MEDIUM | 7.5 HIGH |
| The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | |||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | |||||
| CVE-2015-0550 | 1 Emc | 1 Documentum Thumbnail Server | 2017-09-23 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. | |||||
| CVE-2015-4074 | 1 Helpdesk Pro Project | 1 Helpdesk Pro | 2017-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | |||||
| CVE-2017-14513 | 1 Metinfo | 1 Metinfo | 2017-09-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | |||||
| CVE-2017-14514 | 1 Tenda | 2 W15e, W15e Firmware | 2017-09-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | |||||
| CVE-2015-1490 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | |||||
| CVE-2012-5978 | 1 Vmware | 1 View | 2017-09-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2011-0071 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | |||||
| CVE-2010-1391 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2017-09-19 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. (dot dot) or (2) %5c and .. (dot dot) in a URL. | |||||
| CVE-2009-5089 | 1 Ideacart | 1 Ideacart | 2017-09-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2009-4986 | 1 In-portal | 1 In-portal | 2017-09-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter. | |||||