Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8913 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-7569 | 1 Docker2aci Project | 1 Docker2aci | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-2087 | 1 Hexchat Project | 1 Hexchat | 2017-02-02 | 6.8 MEDIUM | 7.4 HIGH |
| Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. | |||||
| CVE-2016-6517 | 1 Liferay | 1 Liferay | 2017-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | |||||
| CVE-2017-5480 | 1 B2evolution | 1 B2evolution | 2017-01-18 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter. | |||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | |||||
| CVE-2014-2626 | 1 Hp | 1 Network Virtualization | 2017-01-07 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | |||||
| CVE-2014-2625 | 1 Hp | 1 Network Virtualization | 2017-01-07 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023. | |||||
| CVE-2013-5528 | 1 Cisco | 1 Unified Communications Manager | 2017-01-04 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | |||||
| CVE-2016-9210 | 1 Cisco | 1 Unified Communications Manager | 2017-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). | |||||
| CVE-2015-1087 | 1 Apple | 1 Iphone Os | 2017-01-03 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | |||||
| CVE-2014-8019 | 1 Cisco | 1 Enterprise Content Delivery System | 2017-01-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. | |||||
| CVE-2013-7174 | 1 Qnap | 1 Qts | 2016-12-31 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. | |||||
| CVE-2013-6030 | 1 Emerson | 1 Network Power Avocent Mergepoint Unity 2016 Firmware | 2016-12-31 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2013-3706 | 1 Novell | 1 Zenworks Configuration Management | 2016-12-31 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595. | |||||
| CVE-2016-2933 | 1 Ibm | 1 Bigfix Remote Control | 2016-12-30 | 6.8 MEDIUM | 6.8 MEDIUM |
| Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request. | |||||
| CVE-2016-10038 | 1 Modx | 1 Modx Revolution | 2016-12-29 | 7.5 HIGH | 7.3 HIGH |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | |||||
| CVE-2015-1884 | 1 Ibm | 2 Business Process Manager, Websphere | 2016-12-28 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. | |||||
| CVE-2015-7006 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-24 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. | |||||