Search Results (8230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4152 1 Elastic 1 Logstash 2025-04-12 N/A
Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
CVE-2014-4940 1 Tera Charts Plugin Project 1 Tera-charts 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
CVE-2015-2996 1 Sysaid 1 Sysaid 2025-04-12 N/A
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
CVE-2015-7250 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2025-04-12 N/A
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVE-2015-5065 1 Intelligent-it 1 Paypal Currency Converter Basic For Woocommerce 2025-04-12 N/A
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter.
CVE-2016-1593 1 Novell 1 Service Desk 2025-04-12 N/A
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
CVE-2014-9493 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2025-04-12 N/A
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
CVE-2015-2971 1 Seeds 1 Acmailer 2025-04-12 N/A
Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string.
CVE-2013-6768 2 Google, Koushik Dutta 2 Android, Superuser 2025-04-12 N/A
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process.
CVE-2015-4546 1 Emc 2 Rsa Certificate Manager, Rsa Onestep 2025-04-12 N/A
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
CVE-2013-3295 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
CVE-2016-6614 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
CVE-2015-0552 2 Gnome, Opensuse 2 Gcab, Opensuse 2025-04-12 N/A
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
CVE-2014-4507 1 Theforeman 1 Foreman 2025-04-12 N/A
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
CVE-2014-9512 3 Opensuse, Oracle, Samba 3 Opensuse, Solaris, Rsync 2025-04-12 N/A
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2013-2085 1 Owncloud 1 Owncloud 2025-04-12 N/A
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
CVE-2014-4937 1 Bookx Plugin Project 1 Bookx 2025-04-12 N/A
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2015-5353 1 Novius-os 1 Novius Os 2025-04-12 N/A
Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.
CVE-2013-3706 1 Novell 1 Zenworks Configuration Management 2025-04-12 N/A
Directory traversal vulnerability in the PreBoot service in Novell ZENworks Configuration Management (ZCM) 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a preboot update pathname, aka ZDI-CAN-1595.
CVE-2016-6138 1 Sap 1 Trex 2025-04-12 N/A
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.