ReportizFlow
Filtered by vendor
Subscriptions
Total
8493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7985 | 1 Espocrm | 1 Espocrm | 2025-04-12 | N/A |
| Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | ||||
| CVE-2014-9119 | 1 Db Backup Project | 1 Db Backup | 2025-04-12 | N/A |
| Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2014-100015 | 1 Solidworks | 1 Product Data Management | 2025-04-12 | N/A |
| Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. | ||||
| CVE-2015-1365 | 1 Pixabay Images Project | 1 Pixabay Images | 2025-04-12 | N/A |
| Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | ||||
| CVE-2015-6459 | 1 Ge | 1 Mds Pulsenet | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | ||||
| CVE-2015-1003 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | ||||
| CVE-2013-4413 | 2 Ruby-lang, Schneems | 2 Ruby, Wicked | 2025-04-12 | N/A |
| Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step. | ||||
| CVE-2015-6406 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. | ||||
| CVE-2015-7237 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | N/A |
| Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-2864 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences. | ||||
| CVE-2015-4703 | 1 Rename Project | 1 Rename | 2025-04-12 | N/A |
| Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | ||||
| CVE-2015-8565 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2014-2863 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter. | ||||
| CVE-2014-9155 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel. | ||||
| CVE-2014-9574 | 1 Fluxbb | 1 Fluxbb | 2025-04-12 | N/A |
| Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter. | ||||
| CVE-2013-6768 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2025-04-12 | N/A |
| Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process program via a crafted PATH environment variable for a /system/xbin/su process. | ||||
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2025-04-12 | N/A |
| Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | ||||
| CVE-2014-5197 | 1 Splunk | 1 Splunk | 2025-04-12 | N/A |
| Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids. | ||||
| CVE-2016-10039 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.3 High |
| Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | ||||
| CVE-2015-0665 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | ||||