Search Results (9683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1192 1 Kgb Project 1 Kgb 2025-04-12 N/A
Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.
CVE-2015-2925 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-12 N/A
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
CVE-2015-1398 1 Magento 1 Magento 2025-04-12 N/A
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATH_INFO to index.php or (2) vectors involving a block value in the ___directive parameter to the Cms_Wysiwyg controller in the Adminhtml module, related to the blockDirective function and the auto loading mechanism. NOTE: vector 2 might not cross privilege boundaries, since administrators might already have the privileges to execute code and upload files.
CVE-2016-5418 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Enterprise Linux and 8 more 2025-04-12 N/A
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
CVE-2016-2205 1 Symantec 2 Workspace Streaming, Workspace Virtualization 2025-04-12 N/A
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
CVE-2015-1191 1 Zlib 1 Pigz 2025-04-12 N/A
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
CVE-2015-7601 1 Pcman\'s Ftp Server Project 1 Pcman\'s Ftp Server 2025-04-12 N/A
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
CVE-2014-2314 2 Atlassian, Microsoft 2 Jira, Windows 2025-04-12 N/A
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2014-2313 2 Atlassian, Microsoft 2 Jira, Windows 2025-04-12 N/A
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
CVE-2015-8357 1 Bitrix 1 Xscan 2025-04-12 N/A
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
CVE-2015-1003 1 Ininet Solutions 1 Scada Web Server 2025-04-12 N/A
Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.
CVE-2015-0911 1 Dounokouno 1 Transmitmail 2025-04-12 N/A
Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling.
CVE-2016-2289 1 Iconics 1 Webhmi 2025-04-12 N/A
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
CVE-2015-7254 1 Huawei 3 Hg532e, Hg532n, Hg532s 2025-04-12 N/A
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
CVE-2015-7250 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2025-04-12 N/A
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVE-2014-2324 5 Contec, Debian, Lighttpd and 2 more 7 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Debian Linux and 4 more 2025-04-12 N/A
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2015-7683 1 Font Project 1 Font 2025-04-12 N/A
Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.
CVE-2015-3627 2 Docker, Redhat 3 Docker, Libcontainer, Rhel Extras Other 2025-04-12 N/A
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2014-7818 2 Opensuse, Rubyonrails 3 Opensuse, Rails, Ruby On Rails 2025-04-12 N/A
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.
CVE-2013-5655 1 Xiaowen Huang 1 Yingzhi Python Programming Language 2025-04-12 N/A
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.