ReportizFlow
Filtered by vendor
Subscriptions
Total
9185 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5301 | 1 Trustport | 1 Webfilter | 2025-04-11 | N/A |
| Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter. | ||||
| CVE-2012-1497 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2025-04-11 | N/A |
| The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. | ||||
| CVE-2013-5692 | 1 X2engine | 1 X2crm | 2025-04-11 | N/A |
| Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager. | ||||
| CVE-2013-6000 | 1 Tattyan | 1 Tattyan Hptown | 2025-04-11 | N/A |
| Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | ||||
| CVE-2013-6030 | 1 Emerson | 1 Network Power Avocent Mergepoint Unity 2016 Firmware | 2025-04-11 | N/A |
| Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file. | ||||
| CVE-2010-3488 | 1 Houbysoft | 1 Quickshare | 2025-04-11 | N/A |
| Directory traversal vulnerability in QuickShare 1.0 allows remote attackers to read arbitrary files via a ... (triple dot) in the URL. | ||||
| CVE-2013-6127 | 1 Wellintech | 1 Kingview | 2025-04-11 | N/A |
| The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack. | ||||
| CVE-2013-6177 | 1 Emc | 1 Document Sciences Xpression | 2025-04-11 | N/A |
| Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access. | ||||
| CVE-2013-6226 | 1 Ajaxplorer | 1 Ajaxplorer | 2025-04-11 | N/A |
| Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. | ||||
| CVE-2011-4835 | 1 Homeseer | 1 Homeseer Hs2 | 2025-04-11 | N/A |
| Directory traversal vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to access arbitrary files via unspecified vectors. | ||||
| CVE-2010-1948 | 1 Openmairie | 1 Openfoncier | 2025-04-11 | N/A |
| Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. | ||||
| CVE-2011-0494 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2025-04-11 | N/A |
| Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622. | ||||
| CVE-2011-0518 | 1 Lotuscms | 1 Fraise | 2025-04-11 | N/A |
| Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php. | ||||
| CVE-2010-1081 | 2 Corejoomla, Joomla | 2 Com Communitypolls, Joomla\! | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2022-4779 | 1 Elvexys | 1 Streamx | 2025-04-11 | 7.5 High |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | ||||
| CVE-2024-3195 | 1 Mailcleaner | 1 Mailcleaner | 2025-04-10 | 4.7 Medium |
| A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262311. | ||||
| CVE-2024-39903 | 1 Widgetti | 1 Solara | 2025-04-10 | 8.6 High |
| Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system. | ||||
| CVE-2024-27776 | 2 Canonical, Milesight | 2 Ubuntu Linux, Devicehub | 2025-04-10 | 9.8 Critical |
| MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | ||||
| CVE-2024-3783 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | 7.7 High |
| The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system. | ||||
| CVE-2024-51966 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 4.9 Medium |
| There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality. | ||||