Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4680 | 1 Ioserver | 1 Ioserver | 2013-07-25 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. | |||||
| CVE-2010-1217 | 2 Je Form Creator, Joomla | 2 Je Form Creator, Joomla | 2013-07-23 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. | |||||
| CVE-2013-1224 | 1 Cisco | 1 Unified Customer Voice Portal | 2013-07-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369. | |||||
| CVE-2013-4097 | 1 Ds3 | 1 Authentication Server | 2013-07-01 | 5.0 MEDIUM | N/A |
| ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message. | |||||
| CVE-2013-4093 | 1 Imperva | 1 Securesphere | 2013-07-01 | 5.0 MEDIUM | N/A |
| The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message. | |||||
| CVE-2011-4518 | 1 Microsys | 1 Promotic | 2013-06-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-0136 | 1 Mutiny | 3 Mutiny, Mutiny Appliance, Mutiny Virtual Appliance | 2013-06-03 | 8.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation. | |||||
| CVE-2012-4705 | 1 3s-software | 1 Codesys Gateway-server | 2013-05-21 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname. | |||||
| CVE-2013-3504 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account. | |||||
| CVE-2013-1156 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2013-05-01 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034. | |||||
| CVE-2013-0673 | 1 Matrikonopc | 1 Matrikonopc A\&e Historian | 2013-05-01 | 9.4 HIGH | N/A |
| Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL. | |||||
| CVE-2010-2322 | 1 Matthias Klose | 1 Fastjar | 2013-04-19 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
| CVE-2010-0831 | 1 Matthias Klose | 1 Fastjar | 2013-04-19 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
| CVE-2012-4596 | 1 Mcafee | 1 Email Gateway | 2013-04-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. | |||||
| CVE-2012-0419 | 1 Novell | 1 Groupwise | 2013-04-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. | |||||
| CVE-2011-1595 | 1 Rdesktop | 1 Rdesktop | 2013-04-05 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2013-1079 | 1 Novell | 1 Zenworks Configuration Management | 2013-04-02 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method. | |||||
| CVE-2012-0410 | 1 Novell | 1 Groupwise | 2013-04-02 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. | |||||
| CVE-2013-1082 | 1 Novell | 1 Zenworks Mobile Management | 2013-03-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter. | |||||
| CVE-2013-1608 | 1 Symantec | 1 Netbackup Appliance | 2013-03-26 | 6.7 MEDIUM | N/A |
| Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||