Medium
CVE-2013-5107
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to…
Tag: Path Traversal
All CVEs associated with "Path Traversal". Page 51/72 • 8591 CVEs.
Subscribe CVEs: RSS for “Path Traversal” · RSS (High+Critical only)
About “Path Traversal”
A curated feed of “Path Traversal”-related CVEs appears below. We currently track 8591 CVEs for this tag (all time). In the last 365 days, 1471 were published. Average CVSS is 6.8 (all time; 6.9 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-35 - Path Traversal: '.../...//'.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2013-12-14
2013-12-13
Medium
CVE-2013-7091
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (…
2013-12-07
Medium
CVE-2013-6397
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/selec…
2013-12-05
Medium
CVE-2013-3921
Directory traversal vulnerability in Easytime Studio Easy File Manager 1.1 for iOS allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) to the default URI.
Medium
CVE-2013-6000
Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.
2013-11-26
Medium
CVE-2013-3923
Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.
Medium
CVE-2013-4524
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read…
2013-11-25
High
CVE-2013-3922
Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HTTP Server 1.0.4 and earlier allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in a GET request.
2013-11-23
Medium
CVE-2013-6864
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenti…
2013-11-21
Low
CVE-2013-6177
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish E…
2013-11-20
Medium
CVE-2013-6827
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
Medium
CVE-2013-6821
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
2013-11-18
Medium
CVE-2013-6688
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authentica…
High
CVE-2013-4510
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a r…
2013-11-14
High
CVE-2013-6226
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files v…
2013-11-08
High
CVE-2013-5554
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitr…
2013-11-06
Critical
CVE-2013-3626
Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a cr…
2013-11-05
Medium
CVE-2013-5688
Multiple directory traversal vulnerabilities in index.php in AjaXplorer 5.0.2 and earlier allow remote authenticated users to read arbitrary files via a ../%00 (dot dot backslash encoded null byte) i…
2013-11-02
High
CVE-2013-6023
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
Medium
CVE-2013-1084
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot do…
2013-10-26
Medium
CVE-2013-4885
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in…
2013-10-25
Medium
CVE-2013-6128
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers…
Medium
CVE-2013-6127
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote atta…
2013-10-19
Medium
CVE-2013-5534
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to creat…
2013-10-11
Medium
CVE-2013-4173
Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost…
Medium
CVE-2013-5528
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal…
2013-10-05
Medium
CVE-2012-4141
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and…
2013-10-04
High
CVE-2013-3541
Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa…
2013-10-02
Medium
CVE-2013-5979
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Medium
CVE-2012-4104
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary fi…
2013-09-30
High
CVE-2013-5692
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to inde…
2013-09-28
Critical
CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th…
2013-09-23
Critical
CVE-2013-5486
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the c…
2013-09-16
Medium
CVE-2013-5751
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
Medium
CVE-2013-4315
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_…
2013-09-12
Medium
CVE-2013-5216
Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.
2013-09-10
Critical
CVE-2013-3658
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.
2013-09-09
Medium
CVE-2013-4900
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a…
2013-09-05
Medium
CVE-2013-1645
Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot)…
2013-08-30
Medium
CVE-2013-4702
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit…
2013-08-29
Medium
CVE-2013-5648
Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers…
2013-08-28
Medium
CVE-2013-3598
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
2013-08-27
Low
CVE-2013-2988
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re…
Low
CVE-2013-2978
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re…
2013-08-22
Medium
CVE-2013-2979
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a cr…
2013-08-21
High
CVE-2013-2900
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace…
2013-08-16
High
CVE-2013-5301
Directory traversal vulnerability in help.php in Trustport Webfilter 5.5.0.2232 allows remote attackers to read arbitrary files via a .. (dot dot) in the hf parameter.
2013-08-12
Medium
CVE-2013-3457
Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.
2013-08-09
Medium
CVE-2013-2117
Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary fil…
Critical
CVE-2013-0150
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and…
2013-08-06
Critical
CVE-2013-5022
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products all…
Critical
CVE-2013-5021
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earli…
2013-07-25
High
CVE-2013-3429
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broa…
2013-07-18
Medium
CVE-2013-4668
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a craft…
2013-07-03
Medium
CVE-2013-2984
Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.
2013-06-30
Medium
CVE-2013-3654
Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.12.4 allows remote attackers to read arbitrary image files via vectors related to data/class/SC_CheckError.php and data/class/SC_F…
Medium
CVE-2013-3650
Directory traversal vulnerability in the lfCheckFileName function in data/class/pages/LC_Page_ResizeImage.php in LOCKON EC-CUBE before 2.12.5 allows remote attackers to read arbitrary image files via…
2013-06-17
Medium
CVE-2013-2981
Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
2013-06-14
High
CVE-2013-3574
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path…
2013-06-01
High
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi…
2013-05-23
Medium
CVE-2011-4518
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
2013-05-09
High
CVE-2013-1224
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (…
2013-05-08
Medium
CVE-2013-3504
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to…
2013-05-01
Medium
CVE-2013-1156
Directory traversal vulnerability in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCud51034.
Critical
CVE-2013-0673
Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL.
Medium
CVE-2013-0141
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Serve…
2013-04-29
Medium
CVE-2012-5221
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3…
2013-04-26
Medium
CVE-2013-3240
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a pa…
2013-04-24
Medium
CVE-2013-0544
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux…
2013-03-29
High
CVE-2013-1082
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
Critical
CVE-2013-1080
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to cond…
Medium
CVE-2013-1079
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 al…
2013-03-26
Medium
CVE-2013-1608
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
2013-03-21
Medium
CVE-2013-0679
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files v…
Medium
CVE-2013-0671
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
2013-03-20
Medium
CVE-2013-0332
Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.
2013-03-15
High
CVE-2013-2560
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated…
2013-03-13
Medium
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
High
CVE-2013-0084
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user…
2013-03-11
High
CVE-2013-1081
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
High
CVE-2013-1627
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
2013-03-05
High
CVE-2013-0911
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
2013-02-24
Critical
CVE-2012-4705
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
2013-02-15
Medium
CVE-2013-0705
Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) before 2 allows remote attackers to read arbitrary files via unspecified vectors.
Medium
CVE-2013-0704
Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during inte…
Critical
CVE-2012-4701
Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials…
2013-02-08
Medium
CVE-2013-0262
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable…
2013-02-06
Medium
CVE-2012-2293
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary…
2013-01-31
Medium
CVE-2012-6522
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of thes…
2013-01-27
Medium
CVE-2013-0653
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPL…
2013-01-26
Medium
CVE-2012-6276
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitr…
2013-01-19
High
CVE-2012-5185
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.
2013-01-17
Low
CVE-2012-5972
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
2013-01-15
High
CVE-2013-0831
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
2013-01-12
Medium
CVE-2012-6500
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to…
2013-01-03
Medium
CVE-2012-6495
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users w…
Medium
CVE-2012-6080
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary fi…
2012-12-26
Medium
CVE-2012-4616
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif…
2012-12-24
Medium
CVE-2012-5931
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or ov…
2012-12-21
Medium
CVE-2012-6324
Directory traversal vulnerability in VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 and 5.1 before Patch 1 allows remote authenticated users to read arbitrary files via unspecified vector…
Critical
CVE-2012-1712
Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.
2012-12-19
Medium
CVE-2012-5978
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitra…
Medium
CVE-2012-5969
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbit…
2012-12-13
High
CVE-2012-4991
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a…
2012-12-05
Medium
CVE-2012-4347
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1)…
2012-12-03
Low
CVE-2012-6064
Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (…
2012-11-30
Medium
CVE-2012-4834
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files…
2012-11-26
Critical
CVE-2010-5286
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the con…
Medium
CVE-2010-5281
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot d…
High
CVE-2010-5280
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files…
Medium
CVE-2012-6038
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, mov…
2012-11-18
Critical
CVE-2012-4959
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of…
High
CVE-2012-4958
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an…
High
CVE-2012-4957
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an…
2012-11-17
Medium
CVE-2012-5907
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" acti…
2012-11-08
Medium
CVE-2012-5171
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.
2012-11-01
High
CVE-2012-5687
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrar…
2012-10-31
Medium
CVE-2012-4940
Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName…
2012-10-25
Medium
CVE-2011-5219
Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
Medium
CVE-2011-5217
Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary fi…