Total
7262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1473 | 2 Johnmccollum, Joomla | 2 Com Advertising, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
CVE-2009-4960 | 1 Lanai-core | 1 Lanai-core | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
CVE-2012-1497 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2025-04-11 | 4.0 MEDIUM | N/A |
The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. | |||||
CVE-2010-2322 | 1 Matthias Klose | 1 Fastjar | 2025-04-11 | 2.6 LOW | N/A |
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
CVE-2012-5171 | 1 Be-graph | 1 Bezip | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. | |||||
CVE-2014-0803 | 2 Google, Yuichiro Okuyama | 3 Android, Tetra Filer, Tetra Filer Free | 2025-04-11 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
CVE-2011-1932 | 1 Widelands | 1 Widelands | 2025-04-11 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game. | |||||
CVE-2013-2979 | 1 Ibm | 2 Infosphere Optim Performance Manager, Optim Performance Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
CVE-2013-2900 | 3 Debian, Google, Microsoft | 3 Debian Linux, Chrome, Windows | 2025-04-11 | 7.5 HIGH | N/A |
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. | |||||
CVE-2010-2680 | 2 Harmistechnology, Joomla | 2 Com Jesectionfinder, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | |||||
CVE-2010-1062 | 1 Phpkobo | 1 Free Real Estate Contact Form Script | 2025-04-11 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-0426 | 1 Vmware | 2 Vcenter, Virtualcenter | 2025-04-11 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2009-2693 | 1 Apache | 1 Tomcat | 2025-04-11 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry. | |||||
CVE-2012-0419 | 1 Novell | 1 Groupwise | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. | |||||
CVE-2011-4518 | 1 Microsys | 1 Promotic | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2012-5386 | 1 Nicolas Tormo | 1 Phppaleo | 2025-04-11 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in phpPaleo 4.8b180 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phppaleo4_lang cookie, a different vulnerability than CVE-2012-1671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-4986 | 1 In-portal | 1 In-portal | 2025-04-11 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in index.php in In-Portal 4.3.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the env parameter. | |||||
CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | |||||
CVE-2013-7138 | 1 Horizon Quick Content Management System Project | 1 Horizon Quick Content Management System | 2025-04-11 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. | |||||
CVE-2014-0751 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-04-11 | 7.5 HIGH | N/A |
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. |